If you don’t want Standard users to launch the Control panel on Windows 10/11 devices and make any changes to PC Settings, you can use a setting called Prohibit access to Control Panel and PC settings (User) available in the Intune Settings catalog.
Once this policy is applied, user will be restricted from launching the control panel or Settings app or altering any PC settings, such as the desktop background, display settings, or accessing the device manager.
This setting blocks Control.exe and SystemSettings.exe, preventing users from launching the Control panel or Settings app or running any associated items.
Block/Restrict/Disable Access to Control Panel Intune Policy
- Sign in to the Intune admin center >Devices > Configuration > Create > New Policy.
- Platform: Windows 10 and later.
- Profile type: Settings Catalog.
- Basics tab – Provide a Name and Description of the policy.
- Configuration settings –
- Using Settings Picker, search for prohibit.
- Click on the Category Administrative Templates\Control Panel and select Prohibit access to Control Panel and PC settings (User).
- Use the toggle switch to Enable this policy. Click Next.
- On Scope tags, Click Next
- Assignments – Assign this profile to an Entra security group containing Users/devices. Click Next.
- Review + create – Review the profile and click on Create.
End User Experience
Users will get the following error message after opening the Control Panel, Settings app, or any Settings items. The screenshot below shows the error message when right-clicking on the desktop and selecting Personalize.
This file does not have an app associated with it for performing this action. Please install an app or, if one is already installed, create an association in the Default Apps Settings page.
Error
