Restrict Copy\Paste from Remote server to local Machine

PLEASE DON’T TRY IT IN PRODUCTION AT ALL.

When you work in the organization, where data is much sensitive and needs more security, As a IT person, its your duty to come forward and take the responsibility to secure every bit of the data which is being transfer in and out within your network.

Today, we will take an example of one very small but important security setting which most of the companies would like to take in. However it depends upon the policies of the companies.

In most of the environment, we need to provide remote access to most of the critical servers to our users to perform their daily assigned tasks. These servers can contain very much sensitive information in the form of any format i.e notepad, word or any other you can imagine. in this case, to prohibit data theft, we need to apply many settings and one of them is given below.

Scenario:- Server RDC2 is a production server in notjustlab company and it is used to do lot of daily transactions. This server contains notepad files with sensitive data. But on the other hand we need to give this server to the users who have to complete their daily tasks.

Management decided to stop copy\paste facility from the remote session server to the local laptop\desktop to make sure that nothing is being transferred from remote server to the local workstation.

IT administrator planned to get this done by setting up a group policy. lets see how he did it.

Login to the server (Here it is RDC2) with administrative rights.

Go to run and type gpedit.msc and press enter.

It will open up group policy editor windows.

Under the computer configuration, You need to click on administrative Templates

Then windows component and then you will find REMOTE DESKTOP SERVICES

Then click on Remote Desktop Connection Host node

You will see DEVICE AND RESOURCE REDIRECTION Folder, Click on that.

And here we are. We will a setting called DO NOT ALLOW CLIPBOARD REDIRECTION.

By default, it will be in “Not configured” state.

Double Click on it. And chose Enabled option. Click on Apply and Okay. See below:-

By default group policy take around 15 min to freshen up and it can vary as per your domain or network size and bandwidth. But to see effect early, you may use following command:-

go to cmd and type: gpupdate /force and then press enter.

It should probably update the policy. If you still don’t see impact. you need to reboot server.

Now once the group policy is freshen up, it starts working as we expect to see. Now when you will remote the RDC2 server , you won’t be able to copy the file to your local workstation. It will disable the paste option & vise versa.

Remote server RDC2

Local Client Machine

and this can be implemented domain wide. Although here is an example for one server only.

Thank you for reading………………………

notjustlab.com