Attackers are using social engineering to get users to copy, paste, and run malicious scripts — all while thinking they are helping out the IT team.
Hot take: to Most windows users (not you) probably shouldn’t be able to access power shell or cmd.exe at all.
The stupid thing is you can’t reenter S mode once you’ve left.
Family member needed printer software that wasn’t on MS Store, so I told them we’d need to drop S mode to get it, which meant reducing security. Now I have to be the defacto IT person and the security team for them.
That’s not a hot take, that’s empirical fact: https://lifehacker.com/this-chart-shows-how-computer-literate-most-people-are-1789761598
Shit like that is how you got here in the first place. To make computers easy enough to be fool proof is to make them nearly useless and requires someone to administer the system (even if that someone is the genius bar at apple.)
The issue isn’t access, its literacy. This shit was acceptable 20-30 years ago. But we’re at the point where everyone who’s at working age has spent most of if not all of their adult life at a time where basic computer use was considered a standard skillset.
Now that mobile OS’s have been the norm for a decade or so, we have comp sci students who can’t even navigate a fucking file explorer despite growing up on the internet.
Hand-holding design is a positive-feedback loop.
That being said you should probably disable, or at least severely limit their use for standard users in a corporate environment via group policy.