Solved

How to secure remote desktop from screen capture or other data retrieval

Posted on 2008-10-20
7
1,685 Views
Last Modified: 2013-11-21
I'm wondering if it's possible to secure a terminal server to keep the connected user from being able to take screenshots or use other methods of visually recording or printing data.  We are trying to keep strict control of the content viewed in a particular application and are researching different methods of securing that information.

One thought was to find a way to force the remote desktop connection to stay in full screen and disable any clipboard transfer and devices.  Is this possible with Windows Server 2003 or 2008?
0
Comment
Question by:techoutfit
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
7 Comments
 
LVL 6

Accepted Solution

by:
dacselat earned 125 total points
ID: 22764238
At the client: You can create this register key:

HKLM\SOFTWARE\Microsoft\Terminal Server Client\DisableClipboardRedirection = 1
(Type: REG_DWORD)

It disable the clipboard copy between client and server.

0
 

Author Comment

by:techoutfit
ID: 22764252
I've noticed that you can disable this on the server side too.  That helps some but it seems just as easy for someone to restore the window (so it's not fullscreen anymore) and take a screen capture that way.  Any way we can avoid this?
0
 
LVL 6

Expert Comment

by:Gunter17
ID: 22764312
Do you have control of the remote workstations? Are they casual workstations running just this app when necessary, or dedicated PCs?
0
Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

 

Author Comment

by:techoutfit
ID: 22764320
We are a third party providing the server, not necessarily the workstations.  We could provide/require third-party software to connect to our server if it would accomplish our goal.
0
 
LVL 6

Assisted Solution

by:Gunter17
Gunter17 earned 125 total points
ID: 22764353
This is interesting..

http://www.msterminalservices.org/articles/Customizing-Microsoft-RDP-Client-Part1.html

Maybe roll-out a customized RDP client with the top bar disabled?

I cant think of a way to allow only connections by your customized client though..
0
 

Author Comment

by:techoutfit
ID: 22970704
Go ahead and split the points.  What it came down to is it needed to be approached from a policy standpoint, not a technical standpoint.  Since we cannot control the physical aspects of end users, it would be an unwinnable battle to try to block every method of copying data.  No matter what we do, a user could (at worst) take a picture of the screen with a camera.  

Thanks for all of the feedback.
0

Featured Post

Free eBook: Backup on AWS

Everything you need to know about backup and disaster recovery with AWS, for FREE!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Some time ago I faced the need to use a uniform folder structure that spanned across numerous sites of an enterprise to be used as a common repository for the Software packages of the Configuration Manager 2007 infrastructure. Because the procedu…
Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip Migration Tip #1 – Source Server Health can be found here: http://www.experts-exchang…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question