In this blog post, I will show you the steps to restrict access to control panel using Intune. If you don’t want Standard users to launch control panel on Windows 10/11 devices and make any changes to PC Settings, you can use a setting called Prohibit access to Control Panel and PC settings (User). This setting is available in the Settings catalog on Intune admin center.
Once this policy is applied, the user will be restricted from launching the control panel or Settings app or altering any PC settings, such as the desktop background, display settings, or accessing the device manager.
This setting blocks Control.exe and SystemSettings.exe, preventing users from launching the Control panel or Settings app or running any associated items.
Contents
Block/Restrict/Disable Access to Control Panel Intune Policy
- Sign in to the Intune admin center >Devices > Configuration > Create > New Policy.
- Platform: Windows 10 and later.
- Profile type: Settings Catalog.
- Basics tab: Provide a Name and Description of the policy.
- Configuration settings:
- Using Settings Picker, search for prohibit.
- Click on the Category Administrative Templates\Control Panel and select Prohibit access to Control Panel and PC settings (User).
- Use the toggle switch to Enable this policy. Click Next.
- Scope tags (optional): A scope tag in Intune is an RBAC label you add to resources (policies, apps, devices) to limit which admins can see and manage them. For more Information, read: How to use Scope tags in Intune.
- Assignments: Assign the policy to Entra security groups that contain the target users or devices. As a best practice, pilot with a small set first; once validated, roll it out more broadly. For guidance on assignment strategy, see Intune assignments: User groups vs. Device groups.
- Review + create: Review the deployment summary and click Create.
End User Experience
Users will get the following error message after opening the Control Panel, Settings app, or any Settings items. The screenshot below shows the error message when right-clicking on the desktop and selecting Personalize.
This file does not have an app associated with it for performing this action. Please install an app or, if one is already installed, create an association in the Default Apps Settings page.
Error
