How to secure remote desktop from screen capture or other data retrieval

I'm wondering if it's possible to secure a terminal server to keep the connected user from being able to take screenshots or use other methods of visually recording or printing data.  We are trying to keep strict control of the content viewed in a particular application and are researching different methods of securing that information.

One thought was to find a way to force the remote desktop connection to stay in full screen and disable any clipboard transfer and devices.  Is this possible with Windows Server 2003 or 2008?
techoutfitAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

dacselatCommented:
At the client: You can create this register key:

HKLM\SOFTWARE\Microsoft\Terminal Server Client\DisableClipboardRedirection = 1
(Type: REG_DWORD)

It disable the clipboard copy between client and server.

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
techoutfitAuthor Commented:
I've noticed that you can disable this on the server side too.  That helps some but it seems just as easy for someone to restore the window (so it's not fullscreen anymore) and take a screen capture that way.  Any way we can avoid this?
0
Gunter17Commented:
Do you have control of the remote workstations? Are they casual workstations running just this app when necessary, or dedicated PCs?
0
Cloud Class® Course: SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.

techoutfitAuthor Commented:
We are a third party providing the server, not necessarily the workstations.  We could provide/require third-party software to connect to our server if it would accomplish our goal.
0
Gunter17Commented:
This is interesting..

http://www.msterminalservices.org/articles/Customizing-Microsoft-RDP-Client-Part1.html

Maybe roll-out a customized RDP client with the top bar disabled?

I cant think of a way to allow only connections by your customized client though..
0
techoutfitAuthor Commented:
Go ahead and split the points.  What it came down to is it needed to be approached from a policy standpoint, not a technical standpoint.  Since we cannot control the physical aspects of end users, it would be an unwinnable battle to try to block every method of copying data.  No matter what we do, a user could (at worst) take a picture of the screen with a camera.  

Thanks for all of the feedback.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server OS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.