We’re big fans of using Windows Virtual Desktop (WVD), or now called Azure Virtual Desktop (AVD), for securing your team’s activity while they work remotely and for its simple setup and deployment when provisioning desktops. Did you know that in addition to the enhanced security features that come standard with using WVD, there’s also a simple way to set up screen capture protection?
In the video below, our Azure Architect, Jeremy Brewer, takes a dive into this awesome feature and walks you through how to set it up.
I want to take you through a new preview feature called Screen Capture Protection for Windows Virtual Desktop. Ever since Windows Virtual Desktop was released in 2019, I cannot stop raving about it. The product is something that I think is revolutionary. It's taken the traditional terminal services and remote desktop, and it has greatly impacted our customers who are using it now. I have been trying to put as many people on this as possible, and I want to show you one of the features, which is one of the reasons why I think you might want to be on it too.
Setting up Windows Virtual Desktop Screen Capture Protection
According to Microsoft Documentation, we should be able to enable a preview feature. And it looks like all we need to do is enable this specific registry key. Going down into the directions a little bit further, it looks like all we need to do is make sure that we have a recent version of the Windows Desktop client. It's limited to just a full desktop at the moment. And then make sure that our validation settings are enabled for our pool. I happen to have a test environment for that.
I'm going to go ahead and go into my test environment here. I have a WVU multi-user setup. What we want to do is we want to enable that validation environment.
Now, we're going to go into the pool, go into properties here for that pool. We’re going to enable this for validation. Go ahead and save that.
Now that that's done, we have to make sure that we have the most recent version of Windows Desktop. Then it seems like all we have to do is enable that registry key.
Pulling up the Windows Remote Desktop client, we're going to verify the version. Click on settings and about, and we can see that we're running version 1.2.1672. And the documentation had states we needed to be running version at least 1.2.1526 or later.
Let's jump into the testing environment and set the registry key. There are a couple of ways to do it through the command line or PowerShell.
6a. Let's set it manually because I'm a visual learner. What we'll do is go over to the terminal services policy section here. So H key local machine. It'd be under software, policies, Microsoft, Windows NT, and terminal services.
6b. We’re going to set a DWORD value. Do DWORD, and we're going to go ahead and grab the name here out of the documentation, paste. And it is going to include that “F” right there at the beginning. "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v fEnableScreenCaptureProtection /t REG_DWORD /d 1
Then, we're going to go ahead and set this value to 1 to make it TRUE. We’re then going to go ahead and restart the system.
I’ll go ahead and jump back into the testing environment and see if that restart did the trick. I'll tell you, it's the craziest thing! You can't see my screen at all. It's not being recorded whatsoever. I'm minimizing it. I'm windowing the screen right now – and you can't see it. I'm unable to use Snipping Tool to create a screenshot of it. You cannot see the Windows Virtual Desktop at all. I'm talking about this type of thing when it comes to security in Windows Virtual Desktop. This is the type of thing that keeps me talking about it time and time again—the ability for having that safe haven of information [is critical].
Whether you're an IT member who is excited about the simplicity of maintaining a remote environment, or you're talking about keeping sensitive documents protected, this is the type of thing that is going to help do that.
To enable comments sign up for a Disqus account and enter your Disqus shortname in the Articulate node settings.