An adversary with standard user credentials that can boot into Microsoft Windows using Safe Mode, Safe Mode with Networking or Safe Mode with Command Prompt options may be able to bypass system protections and security functionality. To reduce this risk, users with standard credentials should be prevented from using Safe Mode options to log in.

The following registry entry can be implemented using Group Policy preferences to prevent non-administrators from using Safe Mode options.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

SafeModeBlockNonAdmins

REG_DWORD 0x00000001 (1)

Taken from : https://www.cyber.gov.au/acsc/view-all-content/publications/hardening-microsoft-windows-10-version-21h1-workstations

Added in release v1.0.18 and commit 0bf49dc