In WDAC file path rules is it possible to block high privileged commands such as cmd.exe from standard users, but still allow for administrators?
When i enable "UMCI" and deny "CMD.EXE" in WDAC custom rule it is getting blocked for all the users(Administrators and Standard User). but when i disable "UMCI" and deny block "CMD.EXE" in WDAC custom rule, it is not blocking any applications for all users(Administrators and Standard User).
My queries is In WDAC policy i wanted to block CMD.EXE only for standard user and administrator should access CMD.EXE, is it possible?