Enable / Disable Copy-Paste Policy
How to Disable Copy and Paste in Windows: For Local Machines and VMs
Copy and paste functionality can be a major security risk.
It allows unauthorized data transfer between a local machine and a Virtual Machine (VM), potentially exposing sensitive information or violating security protocols. This is especially critical in environments where compliance with strict data protection policies is required.
The solution? Disable copy and paste for all users.
Whether you’re managing a team or ensuring your VM stays secure, this guide will walk you through step-by-step instructions for disabling clipboard redirection. You’ll learn how to block copy and paste for all users, including administrators, using the Windows Group Policy Editor.
How to Disable Copy and Paste for All Users
To disable copy and paste between a local machine and a Virtual Machine (VM), you’ll need to adjust settings in the Windows Group Policy Editor. This process ensures all users, including administrators, cannot transfer data through clipboard redirection.
Method 1: Using Group Policy Editor (GPO)
Step 1: Open Group Policy Editor
Press
Win + R, typegpedit.msc, and press Enter.Navigate to the following path:
|-> Computer Configuration | |-----> Administrative Templates | |--------> Windows Components | |-----------> Remote Desktop Services | |---------------> Remote Desktop Session Host | |--------------------> Device and Resource Redirection
Step 2: Configure the Clipboard Redirection Policy
Find the policy "Do not allow clipboard redirection".
To Disable Copy-Paste (Block):
Double-click the policy.
Select Enabled.
Click Apply > OK.
To Enable Copy-Paste (Allow):
Double-click the policy.
Select Disabled or Not Configured.
Click Apply > OK.
One way to prevent users from copying files from a remote desktop session is to disable drive redirection. This can be done by following these steps:
Open the Local Group Policy Editor by typing "gpedit.msc" in the Run dialog box (press Windows key + R to open the Run dialog box).
Navigate to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Device and Resource Redirection.
Double-click the "Do not allow drive redirection" policy setting.
Select "Enabled" and click "OK".
Step 3: Apply Changes
Open Command Prompt or PowerShell and run:
gpupdate /forceRestart the Remote Desktop Session Host or the server for the changes to take effect.
Method 2: Using Windows Registry
Step 1: Open Registry Editor
Press
Win + R, typeregedit, and press Enter.
Step 2: Navigate to the Registry Path
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal ServicesStep 3: Create or Edit the Key
Create a DWORD (32-bit) Value named "fDisableClipboard" if it doesn’t exist.
Set the Value:
1— To Disable copy-paste (Block).0— To Enable copy-paste (Allow).
Click OK and close the Registry Editor.
Method 3: Using Remote Desktop Services (RDS)
For environments using RDS, follow these steps:
Open Server Manager.
Go to Remote Desktop Services > Collections.
Select your Session Collection.
Click Tasks > Edit Properties.
Under the Client Settings tab:
Uncheck Clipboard to Disable copy-paste.
Check Clipboard to Enable copy-paste.
Click Apply > OK.
Method 4: Using PowerShell (Script-Based Approach)
You can automate this with PowerShell:
To Disable Copy-Paste:
Set-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" -Name "fDisableClip" -Value 1To Enable Copy-Paste:
Set-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" -Name "fDisableClip" -Value 0Restart RDP service to apply changes:
Restart-Service TermService -ForceMethod 5: Disable Copy-Paste in RDP Client (Local Machine)
For individual users connecting to the server:
Open Remote Desktop Connection (mstsc).
Click Show Options > Local Resources tab.
Uncheck Clipboard under "Local devices and resources".
Click Connect.
REFERENCES
Last updated
Was this helpful?