Most users do not need to access DOS. The ability to use DOS usually complicates support, and skilled DOS users have plenty of opportunity to change parts of the configuration. Access to DOS, therefore, represents a reduction in the level of security. Many terminal emulators make it possible to access DOS by pressing a shortcut key, so we cannot be sure that users only authorized for a terminal emulator are not also using DOS. If the security level of an IT system requires that users are not prohibited from unrestricted use of DOS, the access control system must provide a corresponding function. A large number of access control products on the market provide a function preventing access to DOS from terminal emulators (including DOS emulators) and from within Windows.

http//www.softheap.com