How to prevent copying files from remote desktop session

Hello    JCM_738，

Thank you for posting in Microsoft Community forum.

One way to prevent users from copying files from a remote desktop session is to disable drive redirection. This can be done by following these steps:

1. Open the Local Group Policy Editor by typing "gpedit.msc" in the Run dialog box (press Windows key + R to open the Run dialog box).
2. Navigate to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Device and Resource Redirection.
3. Double-click the "Do not allow drive redirection" policy setting.
4. Select "Enabled" and click "OK".

This will prevent users from accessing their local drives from the remote desktop session, and thus prevent them from copying files to or from the remote desktop session. Note that this will also prevent users from accessing any other resources that are redirected, such as printers or USB devices.

Another way to prevent file copying is to restrict user permissions on the server. You can create a new user group and remove the "Read & Execute", "List Folder Contents", and "Read" permissions for that group on the folders you want to protect. This will prevent users from accessing those folders and copying files from them.

I hope the information above is helpful.

If you have any question or concern, please feel free to let us know.

Best Regards,

Haijian Shan

Hello    JCM_738，

 

Thank you for posting in Microsoft Community forum.

 

One way to prevent users from copying files from a remote desktop session is to disable drive redirection. This can be done by following these steps:

1. Open the Local Group Policy Editor by typing "gpedit.msc" in the Run dialog box (press Windows key + R to open the Run dialog box).
2. Navigate to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Device and Resource Redirection.
3. Double-click the "Do not allow drive redirection" policy setting.
4. Select "Enabled" and click "OK".

This will prevent users from accessing their local drives from the remote desktop session, and thus prevent them from copying files to or from the remote desktop session. Note that this will also prevent users from accessing any other resources that are redirected, such as printers or USB devices.

Another way to prevent file copying is to restrict user permissions on the server. You can create a new user group and remove the "Read & Execute", "List Folder Contents", and "Read" permissions for that group on the folders you want to protect. This will prevent users from accessing those folders and copying files from them.

I hope the information above is helpful.

 

If you have any question or concern, please feel free to let us know.

 

Best Regards,

Haijian Shan

Hi Hajian,

Thanks for this I was searching for solution to a similar problem. I want to let a remote user RDP in to his enterprise domain joined PC and use the files in network folder on the domain controller AD server. From what I understand the setting you suggested is to be applied to his own PC and not the domain controller. What if I want to instead control it through the GPO in Domain Controller?