- Windows 11 taskbar: remove chat icon, customize search field with Group Policy - Tue, Oct 3 2023
- Allow non-admins to access Remote Desktop - Thu, Sep 28 2023
- Which WSUS products to select for Windows 11? - Tue, Sep 26 2023
A multilevel clipboard that can hold many objects is a big step forward compared to the simple version, in which each new entry overwrites the old one. With the key combination Win + V, you can display the list of all stored data and paste it with a mouse click into the application that currently has the focus.
However, this convenience can also be used for unwanted purposes. Since entries can be permanently pinned to the clipboard, users might store passwords there so they can directly paste them into applications. Such a "password manager" is obviously a security risk.
The clipboard becomes even more of a problem when users synchronize copied content with other devices via the cloud. In this way, sensitive data can easily leak out of the company.
The cloud clipboard and its functions can be configured in the settings app under System > Clipboard. By activating Clipboard history, you can allow multiple items to be stored on the clipboard. However, it is not possible to disable pinning entries.
In addition, synchronization with other devices can be activated here, and you can delete the current content from there.
Management via Group Policy
These two settings from the app can also be controlled centrally via group policies and thus cannot be changed by users. They can be found under Computer Configuration > Policies > Administrative Templates > System > Operating System Policies.
With Allow Clipboard History, you can determine whether users are able to save multiple entries or the clipboard should behave the traditional way.
Allow clipboard synchronization across devices: By disabling this setting, you can block the cloud feature.
With Windows 11 2022, another setting was added that affects the behavior of the clipboard for Remote Desktop. If you enable the redirection of the clipboard from the remote session to the client in the RDP client, then copied elements will not be transferred to the local cloud clipboard by default.
You can change this using Disable Cloud Clipboard integration for server-to-client data transfer, located under Computer Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Connection Client. By disabling the policy, you allow clipboard data exchange between the session host and the client device.
Management via PowerShell
In version 5.0, PowerShell received two cmdlets for accessing the clipboard: Get-Clipboard and Set-Clipboard. They also work with the cloud clipboard but are not able to change the two settings described.
In addition, Get-Clipboard can only read the last entry from history. Set-Clipboard at least manages to append new items without deleting the entire history.
If you still want to customize the two settings for the cloud clipboard via PowerShell, you can do so by writing the corresponding keys in the registry. These are of type DWORD and are called AllowClipboardHistory and AllowCrossDeviceClipboard, respectively:
New-ItemProperty -Name AllowClipboardHistory -Value 0 -PropertyType DWORD ` -Path HKLM:\SOFTWARE\Policies\Microsoft\Windows\System
The configuration of AllowCrossDeviceClipboard follows the same pattern. A value of 0 disables the respective feature.
The convenience of an extended clipboard is offset by risks from unwanted usage. Synchronization to other devices via the cloud can lead to data leaks.
The group policies therefore offer two settings that can be used to disable both features and reduce the clipboard to classic behavior. An option that controls data exchange for Remote Desktop was recently added.
Subscribe to 4sysops newsletter!
PowerShell currently does not offer cmdlets tailored to the new clipboard. The two settings mentioned can only be configured by directly modifying the registry.