Disable copy or cut and paste completely

[Guest]

Is it possible on a windows based systems to turn off or disable completely
the copy and paste function, no matter what program is being displayed on the
screen.

 

[Ian]

Why turn it off, if you don't use it, it does nothing. Your are in charge of
the computer not the other way round
..

 

[NotMe]

maybe other people use it and the owner isn't over their shoulder every
minute...

 

[Ian]

What a strange idea, you have a computer use by more than one person and you
want to stop one minor function?

 

[Andrew McLaren]

Is it possible on a windows based systems to turn off or disable
completely
the copy and paste function, no matter what program is being displayed on
the

You cannot do this for Windows as a whole (and even if you did, users could
just use a Print-Screen instead, to pass on restricted data). But you can do
it for specific applications: the key technology is Windows Rights
Management Services ("RMS"). See
http://www.microsoft.com/windowsserver2003/technologies/rightsmgmt/default.mspx

If you have an application which can take part in an RMS infrastructure,
then you can indeed configure policies to selectively permit or prevent
cut-n-paste, etc, to specific users and groups; or disallow cut-n-paste
altogether, in that application.

Microsoft Office is the most common app which can plug into RMS. Once it is
all set up, it is extremely effective ... you really want to cut-n-paste
confidential info from that juicy email or Word document; but dammit, you
just can't! You also cannot forward protected emails, etc.

There is a public SDK, so anyone can write an application which subscribes
to RMS and restrict access to the app's data. However if you have a legacy
application (ie, an already-existing application) which you cannot
re-engineer, then I think you are kind of stuck. You may need to approach
the security question from a non-computer perspective, such as HR policies,
etc.

You might also take a look at Software Restriction Policies ("SRP"), a
similar security feature in Windows. SRP won't stop users from cutting and
pasting, as such; but it does let you create a very controlled environment.
You can stop users from doing many things you don't want them to. See:
http://technet2.microsoft.com/Windo...e57c-4dcc-8a5a-8d1da9e4d1fe1033.mspx?mfr=true

Hope it helps,

 

[Ian Betts]

Wow thanks Andrew.



--
Ian

You cannot do this for Windows as a whole (and even if you did, users
could just use a Print-Screen instead, to pass on restricted data). But
you can do it for specific applications: the key technology is Windows
Rights Management Services ("RMS"). See
http://www.microsoft.com/windowsserver2003/technologies/rightsmgmt/default.mspx

If you have an application which can take part in an RMS infrastructure,
then you can indeed configure policies to selectively permit or prevent
cut-n-paste, etc, to specific users and groups; or disallow cut-n-paste
altogether, in that application.

Microsoft Office is the most common app which can plug into RMS. Once it
is all set up, it is extremely effective ... you really want to
cut-n-paste confidential info from that juicy email or Word document; but
dammit, you just can't! You also cannot forward protected emails, etc.

There is a public SDK, so anyone can write an application which subscribes
to RMS and restrict access to the app's data. However if you have a legacy
application (ie, an already-existing application) which you cannot
re-engineer, then I think you are kind of stuck. You may need to approach
the security question from a non-computer perspective, such as HR
policies, etc.

You might also take a look at Software Restriction Policies ("SRP"), a
similar security feature in Windows. SRP won't stop users from cutting and
pasting, as such; but it does let you create a very controlled
environment. You can stop users from doing many things you don't want them
to. See:

http://technet2.microsoft.com/Windo...e57c-4dcc-8a5a-8d1da9e4d1fe1033.mspx?mfr=true

Hope it helps,

 

[Guest]

Thanks that helps, because i do need to stop as much of it as I can. I do
have print auditing software to capture screen prints that are ouputed to a
printer or other devices. Thanks again!

 

[Guest]

for security reasons

Why turn it off, if you don't use it, it does nothing. Your are in charge of
the computer not the other way round
..

 

[Guest]

thats correct

maybe other people use it and the owner isn't over their shoulder every
minute...

 

[Guest]

yes for security reasons

What a strange idea, you have a computer use by more than one person and you
want to stop one minor function?

 

[Andrew McLaren]

Thanks that helps, because i do need to stop as much of it as I can. I do
have print auditing software to capture screen prints that are ouputed to
a
printer or other devices. Thanks again!

I'm hoping your machines are in an Active Directory domain? If so, you also
have another tool on hand, Group Policies.

If you want to control rogue printing, you'll probably want to control
things like USB keys as well (so users don't put sensitive data on a USB key
and then walk out the building with it). In previous version of Windows it
has been possible to control USB and other external devices, but it has
always been a bit kludgy. In Windows Vista there is a policy specifically to
restrict Devices:
http://www.microsoft.com/technet/windowsvista/library/9fe5bf05-a4a9-44e2-a0c3-b4b4eaaa37f3.mspx

Group Policies can also prevent users attaching rogue local printers direct
to a workstation, to bypass departmental print servers (which may be
monitored).

So in summary you have 3 complementary forms of control:
- Rights Management Server; controls use of data in RMS-enabled
applications, esp Office.
- Software Restriction Policies, controls what software users can run.
- Group Policies; approx 2,500 configurable settings to control the users'
total Windows environment.

Lots of 3rd party security add-ons are available for Windows. But with a
little planning, you can use these built-in facilities to configure a
Windows network sufficient to meet most government and military security
standards, eg ISO/IEC 15408 Common Criteria, etc. Which is pretty secure.