This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(51.2, 35%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENM%3C/text%3E%3C/svg%3E)
Hello everyone.
We have a Mysql application called MYSQLDUMP that works to export information from MYsql databases, this program needs to use cmd.exe, but the applocker blocks it.
Is there any risk if we enable said CMD.exe?
Thanks for the help.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 96%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFF%3C/text%3E%3C/svg%3E)
Hi,
CMD can be used safely for users.
Users can only run commands with their permission.
If user run some command to change or write date on the clients without rights, they will encounter access denied error or there will be an elevation prompt for standard users.
Make sure the UAC was enabled and you can set policy: User Account Control: Behavior of the elevation prompt for standard users to the following settings:
You can restrict the permissions for users on the clients or resource.
Best Regards,
No, there are no risks with CMD, it is Windows component and safe to run.
Hi, Crypt32.
Thanks for answering, is there no security risk in enabling CMD on a server where it is used by multiple people?
We must enable this application, but we have doubts if by enabling it, a user can perform an improper action in our operating system, taking into account that they are non-administrator users.
Thanks for your help
Using CMD, they cannot elevate themselves to privileged account or do something that is not allowed by their permissions or rights. There are plenty ways to run commands/apps without CMD, so disabling CMD you benefit nothing. There are more powerful tools out of the box, for example, PowerShell which is magnitudes more powerful and allow to perform complex things easier. Applocker should enforce protection on folders where users can write data to minimize (not avoid, but minimize) chances that people will run unauthorized software.