How do I disable the clipboard in Windows XP

[Guest]

I need to disable the clipboard function in Windows XP. We are having a
problem with users using CTRL+C in one program, then using CTRL+V in another.
Specifically, they type their password into notepad, copy it to the
clipboard, then paste it in another program. The other program runs on
Windows XP. Obviously, the correct answer is to have the creators of the
other program to disable pasting in a password field, but they are reluctant
to change it.

Is there a registry key or a group policy setting that can disable the copy
and paste functionallity for Windows XP Pro? If we knew if this existed, we
could generate a script to run to disable the clipboard when the user logs
onto the computer.

 

[C-Services Holland b.v.]

Michael 03 schreef:

I need to disable the clipboard function in Windows XP. We are having a
problem with users using CTRL+C in one program, then using CTRL+V in another.
Specifically, they type their password into notepad, copy it to the
clipboard, then paste it in another program. The other program runs on
Windows XP. Obviously, the correct answer is to have the creators of the
other program to disable pasting in a password field, but they are reluctant
to change it.

Is there a registry key or a group policy setting that can disable the copy
and paste functionallity for Windows XP Pro? If we knew if this existed, we
could generate a script to run to disable the clipboard when the user logs
onto the computer.

Why are they even entering their password this way. Why don't they type
their password directly into the password box? I haven't seen anyone do
this ever. Why is this even a problem for you? Disabling the clipboard
will probably cause a heap of problem since no copy/paste operations
will work anymore. Some programs use the clipboard internally to do stuff.

Rinze

 

[Guest]

They use the clipboard method to reduce their typing. The program is one
that requires a user id and password to confirm who is completing an action.
In a normal workday, a user would enter their id/password ~50-80 times. We
allow using a barcode and scanner for the username (since they are known to
everyone anyway). The password is used to confirm the user is actually who
they say they are (assuming they haven't shared their password).

Maybe a better question would be how could we disable CTRL+V functionallity.
That way the clipboard remains intact for programs to use internally, but
users would not be able to paste using CTRL+V. This would meet our needs.
These workstations are only running the one program.

 

[Tom Dacon]

Why are they even entering their password this way. Why don't they type

their password directly into the password box? I haven't seen anyone do
this ever. Why is this even a problem for you? Disabling the clipboard
will probably cause a heap of problem since no copy/paste operations will
work anymore. Some programs use the clipboard internally to do stuff.

Rinze

A lot of people use third-party applications such as PasswordSafe to hold
all their passwords in an encrypted store for which they need to remember
only a single strong password. Such applications offer the clipboard as an
easy means of entering difficult-to-type passwords into forms and other
places where passwords need to be entered. A well-behaved application of
this nature clears the clipboard after the operation has been completed.

These are very useful applications, since these days a person can have a
hundred or more sets of credentials for online shopping, user accounts at
other types of web sites, and so forth. It would be a shame for an
application developer to disable this.

PasswordSafe is on sourceforge.net, and is free for personal use. I
recommend it highly. Of course there are many others besides this one.

Tom Dacon
Dacon Software Consulting

 

[Tom Dacon]

As I replied to Rinze below, disabling this capability would be a real
disservice to a lot of people. As I said in that response, and I repeat to
you:

A lot of people use third-party applications such as PasswordSafe to hold
all their passwords in an encrypted store for which they need to remember
only a single strong password. Such applications offer the clipboard as an
easy means of entering difficult-to-type passwords into forms and other
places where passwords need to be entered. A well-behaved application of
this nature clears the clipboard after the operation has been completed.

These applications typically offer a feature that will randomly generate
extremely strong passwords. Naturally a password like that can be nearly
impossible to remember, and VERY difficult to enter via the keyboard. So
copy and paste is a very clean way to convey the password from the encrypted
store to the forum.

These are very useful applications, since these days a person can have a
hundred or more sets of credentials for online shopping, user accounts at
other types of web sites, and so forth (I personally have about 150 such
sets of credentials in my PasswordSafe database). It would be a shame for an
application developer to interfere with this. I urge you to consider this
issue carefully before you disable your user's access to such a helpful
means of managing credentials. They won't love you for it.

PasswordSafe is on sourceforge.net, and is free for personal use. I
recommend it highly. Of course there are many others besides this one.

Tom Dacon
Dacon Software Consulting

 

[Tom Dacon]

As a follow-up to my earlier comments, if your users are actually using a
clear-text repository such as text files for their credentials, I suggest
that you educate them about the security ramifications of that procedure,
and introduce them to one or more of the secure techniques that are
available through third-party applications designed to solve the problem.

Tom Dacon
Dacon Software Consulting

 

[C-Services Holland b.v.]

Michael 03 schreef:

They use the clipboard method to reduce their typing. The program is one
that requires a user id and password to confirm who is completing an action.
In a normal workday, a user would enter their id/password ~50-80 times. We
allow using a barcode and scanner for the username (since they are known to
everyone anyway). The password is used to confirm the user is actually who
they say they are (assuming they haven't shared their password).

Maybe a better question would be how could we disable CTRL+V functionallity.
That way the clipboard remains intact for programs to use internally, but
users would not be able to paste using CTRL+V. This would meet our needs.
These workstations are only running the one program.

So the program is just badly designed. It's just insane that it would
ask for a password every time. In other words, the security is such a
nuisance that people start to find ways to bypass it. They should just
need to sign in once. But that's not your fault. But then I still don't
see the problem. So, the password is on the clipboard. If the user logs
out out of windows, the clipboard is cleared anyway.

Since you can't change the program, maybe there's a way to hookup a
fingerprint scanner, or swipecard thingie that goes between the keyboard
and computer? Ofcourse this will cost extra money, but I'm just trying
to come up with ideas here