This article details the steps to disable task manager using Intune (MEM). With Intune, you can create a policy and prevents users from starting Task Manager on Windows computers.
The Intune Settings catalog makes it easier for MEM Admins to add, configure, customize and manage device and user policy settings.
With Settings catalog, you can choose which settings you want to configure. You just have to click on Add settings to browse or search the catalog for the settings you aim to configure.
There are multiple ways to disable task manager on Windows computers. If your devices are managed by Intune MDM, you can easily remove task manager access by creating a profile.
Before we create and deploy a policy to remove task manager using Intune, let’s see the reasons for restricting the access to task manager for users.
Reasons for Restricting Task Manager with Intune
If task manager is so useful, then why disable it for users? Ideally, in most organizations the task manager is allowed, but some organizations prefer to disable the task manager for users. When you restrict access to task manager, users cannot launch task manager, and it is completely blocked.
Task Manager utility shows you the programs, processes, and services that are currently running on your computer. You can use Task Manager to monitor your computer’s performance or to close a program that is not responding.
Task Manager can also be used to end a running process, launch programs, restart Windows services etc. Hence, some organizations prefer to disable task manager for users as they want to restrict users performing certain actions using task manager.
One of our customers were looking to disable task manager for a set of users, and they wanted to restrict access to task manager for their employees. Well, this can be done with Intune with few simple steps.
How to Disable Task Manager using Intune
Let’s see how to disable or remove task manager using Intune.
- First, sign in to the Microsoft Endpoint Manager admin center.
- Go to Devices > Windows > Configuration Profiles.
- On Windows Configuration Profiles window, select Create Profile.
On the Create a Profile window, select Platform as Windows 10 and later. Select profile type as Settings catalog. Click Create.
On the Basics tab, specify the name of the profile as Remove access to task manager or disable task manager access, and you may add a profile description. Click Next.
On the Configuration Settings section, under Settings Catalog, click Add Settings.
On the Settings picker window, type “Task Manager” in the search box and click Search. From the search results, select Administrative Templates\System\Ctrl+Alt+Del Options. Now select Remove Task Manager (User) setting.
Remove Task Manager (User): This policy setting prevents users from starting Task Manager. If you enable this policy setting, users will not be able to access Task Manager. If users try to start Task Manager, a message appears Task Manager has been disabled by your administrator.
To disable task manager access for users managed by Intune, you have to enable the policy setting “Remove Task Manager (user)“. Click Next to continue.
On the Assignments window, specify the groups to which you want to target this policy. Click Add groups and select a user group for whom you want to disable task manager access. Click Next.
In Intune, Scope tags determine which objects admins can see. On the Scope tags section, you specify scope tags. Click Next.
On the Review + Create section, review all the settings defined to block task manager access and select Create.
After you create a device configuration policy in Intune, a notification appears “Policy created successfully“. This confirms the policy is created and is being applied to groups that we selected.
After you have successfully deployed the Intune policy to restrict access to task manager, let’s check if the task manager is disabled for users.
Log in to a device managed by Intune and right-click on the task bar. You’ll immediately notice that Task Manager option has been disabled or grayed out.
If you attempt to launch Task Manager using Ctrl+Alt+Del or via Taskmgr command, you will see Task Manager has been disabled by your administrator error. This confirms that with Intune you can disable task manager for users.