Disable RDP/Remote Server Clipboard Redirection

We are starting a new series that answers common questions, or questions that have been asked about PowerShell. Today we are learning how to disable clipboard redirection using PowerShell. What we intend to provide is one of the many, many ways you can accomplish these tasks within PowerShell.

All of the solutions are mine, and demonstrate my skill and ability level at the time of writing. That is to say, I might not always write the best PowerShell code, and if you know of a better way I welcome that input.

Let’s start. Today’s question is:

How do you disable RDP/Remote Server Clipboard Redirection?

The Answer:

Disable clipboard redirection using PowerShell

There are numerous ways to write to the registry. The below command is just one way.

$server = "DS1.Contoso.Com"
REG ADD "\\$server\HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Winstations\RDP-Tcp" /v fDisableClip /t REG_DWORD /d 1 /f

First, we define the $server variable. In this case, we are going to test Domain Server 1 for Contoso.com. The next line uses Reg Add, the server name, the location in the registry that we are changing. In this case, the RegPath we are modifying is; HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Winstations\RDP-Tcp. With a value denoted by /v, which is fDisableClip. The type of RegValue is REG_DWORD. The data we are modifying comes after the /d which is 1. Lastly, we apply all settings in this key, subkey, value, and set by using the /f which forcibly applies the changes specified.

Multiple Servers?

Now, that is fine if you only have one server. What happens if you have 10, 100, 1000? You cannot possibly be expected to manually write out two lines per server. Even copying and pasting this code will take a long time, and you will still have to modify the servers to complete it. Very, very time-consuming.

Next:

No what we do is use a Get-Content, and ForEach, and a bit of Test-Connection and Write-Host for flavor. Let me explain.

Say we store the list of servers or IP’s in a text file. One server per line. We will say it looks like this;

ds1.contoso.com
ds2.contoso.com
db1.contoso.com
db2.contoso.com
ds3.contoso.com
ds4.contoso.com
ipam1.contoso.com
ipam2.contoso.com
web1.contoso.com
web2.contoso.com
web3.contoso.com
web4.contoso.com
web5.contoso.com

Now, we want to run the above reg key change on all servers in the list. We will save this file and call it servers.txt.

We take servers.txt and use Get-Content. That command looks like this:

$servers = Get-Content C:\scripts\server.txt

What we did was used Get-Content to read, and paste the “content” from C:\scripts\server.txt and put all of that “content” into the variable $servers.

Next, we need to loop through each server, one per line, within the $servers variable. We start with a foreach as that will iterate through this list of $servers nicely. foreach looks a little different as it’s a multiline command.

foreach($s in $servers){

}

That is it. The above foreach is your most basic foreach command. What we have done is said that “for each” $s in $servers, (for each server, $s, in the $server variable) do what we place inside the {BRACKETS}.

Finally:

Lastly let’s put it all together, and remember that when we run this we need to run it from an Administrator PowerShell Console. I added a Write-Host to show you which server the script was working on just after outputting the server name. I also modified the $servers variable to not use a written out path but a $path variable for Get-Content that way the script can be more easily modified/extended/incorporated later.

$path = "C:\scripts\server.txt"
$servers = Get-Content $path
     foreach($s in $servers){
           Write-Host Currently Working $s Server from $path 

           REG ADD "\\$s\HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Winstations\RDP-Tcp" /v fDisableClip /t REG_DWORD /d 1 /f
}

Now this works, will report to you what it is doing, but say you only want to test the devices that are online, regardless of how many devices are in the $servers list?

Here’s how I did this:

Disable clipboard redirection using PowerShell

We start by using the preexisting foreach command we then create an IF statement to test the connection. The trick with IF statements is the condition directly after the statement is always $True. So you have to write it accordingly. In this case, I use IF -not, which says if there is no connection to the server then Write-Host output that server is down otherwise change the registry key because the server is online.

Now we know how to disable clipboard redirection using PowerShell.