Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1887
  • Last Modified:

How to secure remote desktop from screen capture or other data retrieval

I'm wondering if it's possible to secure a terminal server to keep the connected user from being able to take screenshots or use other methods of visually recording or printing data.  We are trying to keep strict control of the content viewed in a particular application and are researching different methods of securing that information.

One thought was to find a way to force the remote desktop connection to stay in full screen and disable any clipboard transfer and devices.  Is this possible with Windows Server 2003 or 2008?
0
techoutfit
Asked:
techoutfit
  • 3
  • 2
2 Solutions
 
dacselatCommented:
At the client: You can create this register key:

HKLM\SOFTWARE\Microsoft\Terminal Server Client\DisableClipboardRedirection = 1
(Type: REG_DWORD)

It disable the clipboard copy between client and server.

0
 
techoutfitAuthor Commented:
I've noticed that you can disable this on the server side too.  That helps some but it seems just as easy for someone to restore the window (so it's not fullscreen anymore) and take a screen capture that way.  Any way we can avoid this?
0
 
Gunter17Commented:
Do you have control of the remote workstations? Are they casual workstations running just this app when necessary, or dedicated PCs?
0
Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

 
techoutfitAuthor Commented:
We are a third party providing the server, not necessarily the workstations.  We could provide/require third-party software to connect to our server if it would accomplish our goal.
0
 
Gunter17Commented:
This is interesting..

http://www.msterminalservices.org/articles/Customizing-Microsoft-RDP-Client-Part1.html

Maybe roll-out a customized RDP client with the top bar disabled?

I cant think of a way to allow only connections by your customized client though..
0
 
techoutfitAuthor Commented:
Go ahead and split the points.  What it came down to is it needed to be approached from a policy standpoint, not a technical standpoint.  Since we cannot control the physical aspects of end users, it would be an unwinnable battle to try to block every method of copying data.  No matter what we do, a user could (at worst) take a picture of the screen with a camera.  

Thanks for all of the feedback.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now