Copy and paste from Remote App but not Remote Desktop?

Forums › Microsoft Windows › Copy and paste from Remote App but not Remote Desktop?

Paul1977

5171 posts

Uber Geek
+1 received by user: 2192

#293609 2-Feb-2022 10:59

I have a situation that I'm not having much luck finding a solution.

We have a Remote Desktop Server (Windows 2019) that users access from home often generally from there own personal computers. For security it is access via a VPN with MFA authentication, and the only traffic allowed for those users is RDP to that server. All other network access is blocked. To prevent the possibility of virus infection from these BYOD devices all redirection is disabled in the RDP sessions (e.g drives, clipboard, ports, printers, etc).

The issue is that we also have users with company issued domain joined devices. They also connect via VPN with MFA, but have more network access and don't require full Remote desktop Access to this server, but do use a Remote App hosted on the server. We'd like these users to be able to copy and paste to and from the Remote App, but they are unable to because of the above policy disabling it for the full RDP users.

Is there a way to redirect the clipboard for a Remote App , but have it disabled for full Remote Desktop sessions to the same server?

Thanks

Home: Work:
Home Work

Paul1977

5171 posts

Uber Geek
+1 received by user: 2192

#2861063 3-Feb-2022 09:38

OK, so I've found a workable solution by setting a policy and applying to user groups so I can configure groups that can redirect the clipboard while being disallowed for others.

BUT... now I've run into another issue. For the enabled users they can only copy and paste text, but not files. Google has found a couple of people who've run into this issue, but no solutions. Everything I read says the redirected clipboard is an on/off setting and doesn't discriminate between text and files. I thought it might be a limit somewhere on the amount of data the clipboard can transfer, but it won't even work for a tiny 1 byte file; yet still allows it for pages and pages of text.

Other servers running the same build of Windows that don't have the RDS role installed have no problem copying and pasting files in and out of RDP.

Has anyone come across this with a 2019 RDS?

Paul1977

5171 posts

Uber Geek
+1 received by user: 2192

#2861153 3-Feb-2022 10:51

Found the problem, but doesn't make sense. You need to have Drive Redirection allowed on the session host in order for files to be copied in and out of the remote session even via the clipboard. You don't have to turn the setting on in the client to show the mapped drives, but it has to be allowable on the Session Host. This is problematic because if I allow this then all users can map their local drives to the RD session, regardless of the clipboard policy (it's a computer policy, not a user policy).

According to the policy description, drive redirection shouldn't have to be allowable to copy files via the clipboard for Windows 10 clients:

Policy: Do not allow drive redirection

If you enable this policy setting, client drive redirection is not allowed in Remote Desktop Services sessions, and Clipboard file copy redirection is not allowed on computers running Windows Server 2003, Windows 8, and Windows XP.

The bolded portion certainly implies that clipboard file copy should still work for Windows 7, Windows 10, and (presumably) Windows 11 - even with the policy applied.