xRDP – How to disable Drive Redirection and Clipboard

Hello World, 

As we are really busy in this beginning of the year, we have not so much time to blog about our favorite topics.  Since we are really short in time, we will tackle a relatively simple topic related to the xRDP Software solution.  More and more people are asking about the possibility to disable/block drive redirection and clipboard feature.  This post will try to provide some answers…

Let’s do that quickly…. 

Overview

If you follow us for a long time, you already know that xRDP software allows you to perform RDP connections to a remote Linux machine.  xRDP software is basically the Linux version for RDP connections. However, xRDP solution is not a one to one replacement to Microsoft solution.  Some features are available like Drive Redirection, sound redirection or Clipboard redirection.  Other features might be missing like console access or granular settings that can be set through group Policies 

Recent versions (i.e. version 0.9.x ) of the xRDP software offers drive redirection and Clipboard functionalities and these features are enabled by default. In most of the cases, these features are working as expected…and we tend to use and forget this feature.   However, it seems that more and more people are wondering if and how it would be possible to disable these features. 

We will quickly demonstrate how this can be done

Our Scenario

We assume that you have already an Ubuntu (Linux) machine where the xRDP software has been installed.  If not, you can either perform the installation manually or use our famous xrdp-installer script (latest version of the script can be downloaded at https://www.c-nergy.be/products.html).  We assume that you have been able to perform an initial RDP connection to your Ubuntu/Linux machine and that everything is working as expected.   

We are assuming that the MS RDP client is configured accordingly where clipboard and Drive redirection options are checked.   So, if you have all these requirements, when you perform your remote session to your Ubuntu machine,  you can see in the Nautilus File Explorer Utility, the option Thinclient_drives.  Click on it and you should see the redirected drives.  In my example, you can see 3 partitions that are made available to the remote session.  

Click on Picture for Better Resolution

If you show hidden files within Nautilus (you can press Ctrl+H shortcut keyboard),  you will also see the .Clipboard folder that made available to you 

Click on Picture for Better Resolution

As you can see, the xRDP software provides drive Redirection and Clipboard function.

Disabling Drive Redirection & Clipboard features in xRDP 

To Disable the Drive redirection & Clipboard feature, you will need to edit (with admin rights in order to modify it !!) the following file 

/etc/xrdp/xrdp.ini 

In this file, you have to find the section [Channels] and the file should look like this 

Click on Picture for Better Resolution

To Disable Drive Redirection and/or Clipboard feature,  you will simply need to change value from true to false for the following values

rdpdr=false
cliprdr=false

So, the file after the modification should look like the screenshot below 

Click on Picture for Better Resolution

To apply the change to the system, you will need to restart the xrdp service by issuing the following command 

sudo systemctl restart xrdp

Click on Picture for Better Resolution

When the service has restarted, you are ready to perform again your remote desktop connection.  After a successful connection, going to the thinclient_drives  section (in Nautilus) and you will see that no drive are  redirected into your remote session (see screenshot below)

Click on Picture for Better Resolution

As a note, if you display show hidden files in Nautilus, you will notice that even if the clipboard feature has been disabled, the .clipboard folder is still present… However, the clipboard function is not working anymore

Click on Picture for Better Resolution

As you can see, based on the instructions above, we can disable drive redirection and/or clipboard function.  However, disabling the feature would apply system-wide.  It’s does not seem possible to disable these features per user.  So, if you disable it, please be aware that this would be for all users.  Note also that users can still find other ways to transfer files between their Ubuntu and Windows machines (through smbclient for example).  

Another thing is that even if you disable the drive redirection on your system, in the Nautilus Application, you will still see the thinclient_drives option  even if the location is basically empty. You can within your remote session eject the location and remove it from Nautilus.   You can also use the command by issuing the following command 

umount $HOME/thinclient_drives

However, you will need to execute the command each time you connect to your session. To avoid that, you might want to create a login script that would run automatically each time you login to your remote session (startup script). 

As a final note, we should also mention that if you uncheck the drive redirection and clipboard within the RDP Client,  you should also be able to prevent drive Redirection and Clipboard features.  This might be another approach that could be used in your infrastructure. 

Click on Picture for Better Resolution

Final Notes

Voila ! This is it for this post…. 

As you can see, it’s quite easy to enable or disable Drive Redirection and/or Clipboard feature in xRDP software.  By default, the options will be available and should be working most of the time.  These features can be really useful if you need to transfer some data between computers during your remote session.  We can understand that some people might want to block and avoid data transfer.  However, please keep in mind that if the drive redirection or clipboard is not available, users might find other ways to transfer data over your network 

Hope this post will be useful 

Till next time

See ya

 

 

 

Leave a Reply