Alright since I have skipped nearly the whole month, I need to buzz something at least. The tittle isn't that real, I mean I'm bored with black hack stuff at my age anyway, so this one is too obvious, legal and easy too.
How to bypass CMD restriction? Well, by using another compatible cmd of course, like the open source ReactOS (wine?) cmd.exe replacement from the ISO file (version 0.3.14 works with XP and 7). However the problem soon arise when COMSPEC get tangled in the way, for example standard system() call will still use system-wide COMSPEC (not session one). So things like for /f ... ('command') do ... wont work since it will ask blocked system's cmd.exe to launch something a.k.a %windir%\system32\cmd.exe /c bla bla.
I stumble on this case when I use my previous 7z-sfx wrapper for bat files. So I decide to put ReactOS's cmd.exe inside the sfx as workaround.
That also apply to regedit restriction which ReactOS also has the replacement, but of course there is no "such restriction" to just access registry whatsoever.