Hey everyone! I'm working with a standalone RDS server and I'm looking to completely restrict any ability for users to redirect, copy and paste, or transfer files during RDP sessions. The server currently has a firewall allowing only port 3389 between VLANs.
I've found the "Device and Resource Redirection" settings under **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Remote Desktop Services** > **Remote Desktop Session Host**. However, I'm wondering if there are any other settings or policies I need to consider. Since we want to prevent users from editing .rdp files to enable these features, I'm looking for the best way to enforce this on the host. We're using Windows Server 2022 or 2025.
2 Answers
You’re right to focus on server-side settings; those will override any client-side tweaks. If you've got policies set in the session host group, that should effectively block any redirecting features. Just remember that users might still find ways to capture screens or photos, so keep an eye out for that.
Make sure to configure the settings for user permissions as well. Besides disabling redirection in the RDP settings, I recommend publishing the apps as remote apps if users only need access to a couple of programs. This keeps things tighter. Also, consider disabling the clipboard for those users and hide access to the C: drive and other disks. You can manage these settings through group policies too! Just a heads-up, if you're using port 3389 externally, be cautious with that exposure.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures