One of the neat things about users connecting to virtual sessions within an RDS environment, especially when connecting remotely, is local resource redirection. This feature enables the users to have access to things that are local to where they are sitting, from inside their virtual session, such as the clipboard, so that copy and paste functions will work between local computer and RDS session and drive redirection so that you can save documents back and forth between the local hard drive and the RDS session. One of the most common uses of resource redirection is printers so that users can print from inside their RDS session, which is sitting on a server in the corporate network, directly to a printer on the local network where they are connected. An example could be someone needing to print a work document on a home printer.
This redirection technology can be very helpful but is often not desirable from a security and policies standpoint. Many organizations have a written security policy, which dictates that corporate data must remain within the corporate network and cannot move outside. Most often I see this in medical environments, where strict standards are in place to make sure data stays private and secure. This means that data cannot be copied and pasted to the local computer, documents cannot be saved outside the RDS session, and printing documents is also often not allowed.
While it may be disappointing that you cannot use these functions if your security policy dictates it, thankfully disabling redirection is an easy thing to accomplish. Follow along to learn where these settings reside.
We are logged into our Server 2016 RDSH server. This server is hosting some sensitive information and we want to make sure that users cannot save documents to their local computers, cannot print documents to local printers, and cannot copy/paste within the clipboard in order to move data from the RDS session to their local computers.
Follow along to disable these redirection features on our RDSH collection:
Providing users with the capability of moving data back and forth between their local computers and RDS sessions sounds like a great feature, but is often less than desirable. With some simple checkboxes, we can disable these capabilities wholesale so that you can adhere to security policies and make sure sensitive data remains protected. Once you are familiar with the location of these settings, the enablement or disablement of them is intuitive and easy to accomplish. What is even better is that these settings can be changed at any time; it doesn't have to be a decision made while the RDS environment is being built. If you make the decision down the road to turn some of these options on or off, you can make these changes at any time to a production RDS.
3.137.174.147