search

toggle-onEnable / Disable Copy-Paste Policy

hashtag
How to Disable Copy and Paste in Windows: For Local Machines and VMs

Copy and paste functionality can be a major security risk.

It allows unauthorized data transfer between a local machine and a Virtual Machine (VM), potentially exposing sensitive information or violating security protocols. This is especially critical in environments where compliance with strict data protection policies is required.

The solution? Disable copy and paste for all users.

Whether you’re managing a team or ensuring your VM stays secure, this guide will walk you through step-by-step instructions for disabling clipboard redirection. You’ll learn how to block copy and paste for all users, including administrators, using the Windows Group Policy Editor.

hashtag
How to Disable Copy and Paste for All Users

To disable copy and paste between a local machine and a Virtual Machine (VM), you’ll need to adjust settings in the Windows Group Policy Editor. This process ensures all users, including administrators, cannot transfer data through clipboard redirection.

hashtag
Method 1: Using Group Policy Editor (GPO)

hashtag
Step 1: Open Group Policy Editor

  1. Press Win + R, type gpedit.msc, and press Enter.

  2. Navigate to the following path:

    |-> Computer Configuration 
|
|-----> Administrative Templates 
|
|--------> Windows Components 
|
|-----------> Remote Desktop Services 
|
|---------------> Remote Desktop Session Host 
|
|--------------------> Device and Resource Redirection

hashtag
Step 2: Configure the Clipboard Redirection Policy

  1. Find the policy "Do not allow clipboard redirection".

  2. To Disable Copy-Paste (Block):

    • Double-click the policy.

    • Select Enabled.

    • Click Apply > OK.

  3. To Enable Copy-Paste (Allow):

    • Double-click the policy.

    • Select Disabled or Not Configured.

    • Click Apply > OK.

circle-check

One way to prevent users from copying files from a remote desktop session is to disable drive redirection. This can be done by following these steps:

  1. Open the Local Group Policy Editor by typing "gpedit.msc" in the Run dialog box (press Windows key + R to open the Run dialog box).

  2. Navigate to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Device and Resource Redirection.

  3. Double-click the "Do not allow drive redirection" policy setting.

  4. Select "Enabled" and click "OK".

hashtag
Step 3: Apply Changes

  1. Open Command Prompt or PowerShell and run:

  2. Restart the Remote Desktop Session Host or the server for the changes to take effect.

hashtag
Method 2: Using Windows Registry

hashtag
Step 1: Open Registry Editor

  1. Press Win + R, type regedit, and press Enter.

hashtag
Step 2: Navigate to the Registry Path

hashtag
Step 3: Create or Edit the Key

  1. Create a DWORD (32-bit) Value named "fDisableClipboard" if it doesn’t exist.

  2. Set the Value:

    • 1 — To Disable copy-paste (Block).

    • 0 — To Enable copy-paste (Allow).

  3. Click OK and close the Registry Editor.

hashtag
Method 3: Using Remote Desktop Services (RDS)

For environments using RDS, follow these steps:

  1. Open Server Manager.

  2. Go to Remote Desktop Services > Collections.

  3. Select your Session Collection.

  4. Click Tasks > Edit Properties.

  5. Under the Client Settings tab:

    • Uncheck Clipboard to Disable copy-paste.

    • Check Clipboard to Enable copy-paste.

  6. Click Apply > OK.

hashtag
Method 4: Using PowerShell (Script-Based Approach)

You can automate this with PowerShell:

  • To Disable Copy-Paste:

  • To Enable Copy-Paste:

  • Restart RDP service to apply changes:

hashtag
Method 5: Disable Copy-Paste in RDP Client (Local Machine)

For individual users connecting to the server:

  1. Open Remote Desktop Connection (mstsc).

  2. Click Show Options > Local Resources tab.

  3. Uncheck Clipboard under "Local devices and resources".

  4. Click Connect.

hashtag
REFERENCES

PreviousCreate a Logon Banner (Legal Notice)NextDisable Shutdown, Restart Options

Last updated