The need to disable the system command line functionality on the agent is critical.
While this can be turned "off" and "on" on the account level, the functionality still exists so that if someone did take over an account they could take over multiple servers. This is critical for security.
We need to have an option on the server agent that prevents the CLI no matter what setting is on the account.
Yes, we need to disable any actions (command line or automations) by a configuration file on the server agent itself. This way there is no possibility of a compromise form this vector as the agent will not accept any commands no matter what.
Thanks for confirming on your requirement. We shall take this up and update this thread once the feature is live.