How to permanently disable screenshot (prtsc) on windows 10

Associate
Joined
8 Sep 2008
Posts
1,242
Location
Birmingham
Hi all

I am setting up some laptops for potential employees to use (Lenovo Thinkpad E570's). It is essential that they not be allowed to capture screen shots (sensitive company data).

Is there any permanent way to lock this function off?

Thanks for your help in advance :)
 
Associate
OP
Joined
8 Sep 2008
Posts
1,242
Location
Birmingham
Disable clipboard?

How would I do that?

Not a helpful response but if they are determined aren't they just going to capture the screen on their phone or something?

Might be something in group policy to do it I can't remember off the top of my head.

EDIT: First hit on google http://stackoverflow.com/questions/28083031/disable-the-printscreen-keyboard-option-from-windows

I did see this but it is reversible. As for the phones they won't be allowed in the office that these laptops will be in.
 
Soldato
Joined
6 Sep 2016
Posts
9,441
Associate
OP
Joined
8 Sep 2008
Posts
1,242
Location
Birmingham
How can you stop people bringing in phones, unless you do a search everyday, not allow handbags, jackets etc. How do you stop someone bringing in a camera this small?

https://itsmeeveluss.files.wordpress.com/2011/05/soysuperminijajja.jpg

With all due respect this isn't helpful. I do understand and have considered that a very determined person could smuggle a camera in, no people won't be searched as it isn's Abu Grahib. The point here is to make it as difficult as possible to do that. Surely its easier to spot someone using a device to take photos of the screen then it is to spot someone using a key combo to take a screen shot?

Back to the question in hand?
 
Man of Honour
Joined
13 Oct 2006
Posts
90,821
TBH I think you are going to have to go full lockdown via the group policy editor - even then a determined person with reasonable IT skills and enough time unattended can work around it - the only other option would be a hot glue gun and making sure the key can't be pressed :O
 
Associate
Joined
16 Jan 2011
Posts
114
Location
London
Quick google search revealed this to me. Simply copy the contents to nopetad then click save as and select all file types in the drop down and name the file what ever you want just add ".reg" to then end. Then run it and apply changes to registry and voila.

Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout]
"Scancode Map"=hex:00,00,00,00,00,00,00,00,04,00,00,00,00,00,2a,e0,00,00,37,e0,\
00,00,54,00,00,00,00,00


To undo the changes just follow the same procedure as above.

Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout]
"Scancode Map"=-
 
Man of Honour
Joined
13 Oct 2006
Posts
90,821
Problem for the OP is that it is relatively easy to reverse or reset by anyone half clued up - largely that is going to be the problem with almost any basic solution though short of going for a bespoke setup or modifying hardware.
 
Soldato
Joined
1 Apr 2014
Posts
18,539
Location
Aberdeen
I am setting up some laptops for potential employees to use (Lenovo Thinkpad E570's). It is essential that they not be allowed to capture screen shots (sensitive company data).

Is there any permanent way to lock this function off?

Perhaps you could look at the problem from another angle: what good is taking a screenshot if it can't be taken away? USB ports can be disabled by Group Policy, and you can block email access. Is the browser already locked down?

Perhaps a more subtle solution would be for PrtSc to trigger an alert - these are potential employees after all, and trustworthiness is key - so if they try to take a screenshot, they're not trustworthy and can be rejected immediately.

But given that these are only potential employees why are you showing them live confidential data in the first place?
 
Soldato
Joined
12 Sep 2005
Posts
6,493
Location
Grundisburgh
A bit drastic but maybe cut the connection behind the key. Trouble is you could probably easily remap another key.
From experience it is very difficult to stop people doing things like this. We had to put silicone gel into headphone sockets once to stop people playing music!
An old manager of mine once said if you don't trust them - sack them.
Andi.
 
Associate
OP
Joined
8 Sep 2008
Posts
1,242
Location
Birmingham
TBH I think you are going to have to go full lockdown via the group policy editor - even then a determined person with reasonable IT skills and enough time unattended can work around it - the only other option would be a hot glue gun and making sure the key can't be pressed :O

I'm liking the glue gun idea, I might have to resort to this even though it might void the warranty (these are brand new machines).

Quick google search revealed this to me. Simply copy the contents to nopetad then click save as and select all file types in the drop down and name the file what ever you want just add ".reg" to then end. Then run it and apply changes to registry and voila.

Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout]
"Scancode Map"=hex:00,00,00,00,00,00,00,00,04,00,00,00,00,00,2a,e0,00,00,37,e0,\
00,00,54,00,00,00,00,00


To undo the changes just follow the same procedure as above.

Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout]
"Scancode Map"=-

As Rroff mentioned, I'm looking for something that is not reversible if at all possible.

Perhaps you could look at the problem from another angle: what good is taking a screenshot if it can't be taken away? USB ports can be disabled by Group Policy, and you can block email access. Is the browser already locked down?

Perhaps a more subtle solution would be for PrtSc to trigger an alert - these are potential employees after all, and trustworthiness is key - so if they try to take a screenshot, they're not trustworthy and can be rejected immediately.

But given that these are only potential employees why are you showing them live confidential data in the first place?

Poor turn of phrase on my part. They are "new" employees not potentials. It is always possible that they could screenshot and then email data to themselves.

I have disabled all ports, camera, blutooth, wifi, optical drive, memory card reader via BIOS and applied a strong supervisor password. I also have physical port blockers. There will also be some form of monitoring software installed (to log keystrokes etc) and they will be made aware of all of this before using the machines.

I agree and they do seem trust worthy, but it would be negligent on my part to leave something as glaringly simple to do as this open and available for use.

Swap it with the pause/break key?

Edit: just had a look and has a dedicated key.

LOL I'm sure it wouldn't take long to figure that out, plus yeah the key is dedicated by the spacebar.

A bit drastic but maybe cut the connection behind the key. Trouble is you could probably easily remap another key.
From experience it is very difficult to stop people doing things like this. We had to put silicone gel into headphone sockets once to stop people playing music!
An old manager of mine once said if you don't trust them - sack them.
Andi.

It is difficult and I agree, employees should be trust worthy, but its a matter of prevention rather then cure. While they do seem trust worthy enough, it would be negligent of me not to close the door on such glaringly obvious way to take data. LOL I don't mind them playing music though!
 
Soldato
Joined
12 Sep 2005
Posts
6,493
Location
Grundisburgh
Has anyone done a risk assessment of this potential issue, you might find it turns out to be low risk and hence you have done your duty. Any permanent fix to this going to void any warranty, so that could be just as risky.
Andi.
 
Soldato
Joined
1 Apr 2014
Posts
18,539
Location
Aberdeen
Given the lengths to which you are going, I'm guessing your company has a security controller, and it is that person to whom you should be talking.
 
Back
Top Bottom