Disable Clipboard History

[TheAndr0id]

OS

Windows 10/11

Name

DIsable Clipboard History

Script code

:: ----------------------------------------------------------
:: -------------- Clipboard History Service -----------------
:: ----------------------------------------------------------
echo --- Clipboard History Service
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v "AllowClipboardHistory" /t REG_DWORD /d 0 /f
PowerShell -ExecutionPolicy Unrestricted -Command "$serviceQuery = 'cbdhsvc'; <# -- 1. Skip if service does not exist #>; $service = Get-Service -Name $serviceQuery -ErrorAction SilentlyContinue; if(!$service) {; Write-Host "^""Service query `"^""$serviceQuery`"^"" did not yield any results, no need to disable it."^""; Exit 0; }; $serviceName = $service.Name; Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""; <# -- 2. Stop if running #>; if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) {; Write-Host "^""`"^""$serviceName`"^"" is running, trying to stop it."^""; try {; Stop-Service -Name "^""$serviceName"^"" -Force -ErrorAction Stop; Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""; } catch {; Write-Warning "^""Could not stop `"^""$serviceName`"^"", it will be stopped after reboot: $_"^""; }; } else {; Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""; }; <# -- 3. Skip if service info is not found in registry #>; $registryKey = "^""HKLM:\SYSTEM\CurrentControlSet\Services\$serviceName"^""; if(!(Test-Path $registryKey)) {; Write-Host "^""`"^""$registryKey`"^"" is not found in registry, cannot enable it."^""; Exit 0; }; <# -- 4. Skip if already disabled #>; if( $(Get-ItemProperty -Path "^""$registryKey"^"").Start -eq 4) {; Write-Host "^""`"^""$serviceName`"^"" is already disabled from start, no further action is needed."^""; Exit 0; }; <# -- 5. Disable service #>; try {; Set-ItemProperty $registryKey -Name Start -Value 4 -Force -ErrorAction Stop; Write-Host "^""Disabled `"^""$serviceName`"^"" successfully."^""; } catch {; Write-Error "^""Could not disable `"^""$serviceName`"^"": $_"^""; }"
PowerShell -ExecutionPolicy Unrestricted -Command "$serviceQuery = 'cbdhsvc_*'; <# -- 1. Skip if service does not exist #>; $service = Get-Service -Name $serviceQuery -ErrorAction SilentlyContinue; if(!$service) {; Write-Host "^""Service query `"^""$serviceQuery`"^"" did not yield any results, no need to disable it."^""; Exit 0; }; $serviceName = $service.Name; Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""; <# -- 2. Stop if running #>; if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) {; Write-Host "^""`"^""$serviceName`"^"" is running, trying to stop it."^""; try {; Stop-Service -Name "^""$serviceName"^"" -Force -ErrorAction Stop; Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""; } catch {; Write-Warning "^""Could not stop `"^""$serviceName`"^"", it will be stopped after reboot: $_"^""; }; } else {; Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""; }; <# -- 3. Skip if service info is not found in registry #>; $registryKey = "^""HKLM:\SYSTEM\CurrentControlSet\Services\$serviceName"^""; if(!(Test-Path $registryKey)) {; Write-Host "^""`"^""$registryKey`"^"" is not found in registry, cannot enable it."^""; Exit 0; }; <# -- 4. Skip if already disabled #>; if( $(Get-ItemProperty -Path "^""$registryKey"^"").Start -eq 4) {; Write-Host "^""`"^""$serviceName`"^"" is already disabled from start, no further action is needed."^""; Exit 0; }; <# -- 5. Disable service #>; try {; Set-ItemProperty $registryKey -Name Start -Value 4 -Force -ErrorAction Stop; Write-Host "^""Disabled `"^""$serviceName`"^"" successfully."^""; } catch {; Write-Error "^""Could not disable `"^""$serviceName`"^"": $_"^""; }"
:: ----------------------------------------------------------

Revert code

:: ----------------------------------------------------------
:: --------------Clipboard History Service (revert)----------
:: ----------------------------------------------------------
echo --- Clipboard History Service (revert)
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v "AllowClipboardHistory" /t REG_DWORD /d 1 /f
PowerShell -ExecutionPolicy Unrestricted -Command "$serviceQuery = 'cbdhsvc'; $defaultStartupMode = 'Manual'; <# -- 1. Skip if service does not exist #>; $service = Get-Service -Name $serviceQuery -ErrorAction SilentlyContinue; if(!$service) {; Write-Warning "^""Service query `"^""$serviceQuery`"^"" did not yield and results, cannot enable it."^""; Exit 1; }; $serviceName = $service.Name; Write-Host "^""Enabling service: `"^""$serviceName`"^"" with `"^""$defaultStartupMode`"^"" start."^""; <# -- 2. Skip if service info is not found in registry #>; $registryKey = "^""HKLM:\SYSTEM\CurrentControlSet\Services\$serviceName"^""; if(!(Test-Path $registryKey)) {; Write-Warning "^""`"^""$registryKey`"^"" is not found in registry, cannot enable it."^""; Exit 1; }; <# -- 3. Enable if not already enabled #>; $defaultStartupRegValue = if ($defaultStartupMode -eq 'Boot') { '0' } elseif($defaultStartupMode -eq 'System') { '1' } elseif($defaultStartupMode -eq 'Automatic') { '2' } elseif($defaultStartupMode -eq 'Manual') { '3' } else { throw "^""Unknown start mode: $defaultStartupMode"^""}; if( $(Get-ItemProperty -Path "^""$registryKey"^"").Start -eq $defaultStartupRegValue) {; Write-Host "^""`"^""$serviceName`"^"" is already enabled with `"^""$defaultStartupMode`"^"" start."^""; } else {; try {; Set-ItemProperty $registryKey -Name Start -Value $defaultStartupRegValue -Force; Write-Host "^""Enabled `"^""$serviceName`"^"" successfully with `"^""$defaultStartupMode`"^"" start, may require restarting your computer."^""; } catch {; Write-Error "^""Could not enable `"^""$serviceName`"^"": $_"^""; Exit 1; }; }; <# -- 4. Start if not running (must be enabled first) #>; if($defaultStartupMode -eq 'Automatic') {; if ($service.Status -ne [System.ServiceProcess.ServiceControllerStatus]::Running) {; Write-Host "^""`"^""$serviceName`"^"" is not running, trying to start it."^""; try {; Start-Service $serviceName -ErrorAction Stop; Write-Host "^""Started `"^""$serviceName`"^"" successfully."^""; } catch {; Write-Warning "^""Could not start `"^""$serviceName`"^"", requires restart, it will be started after reboot.`r`n$_"^""; }; } else {; Write-Host "^""`"^""$serviceName`"^"" is already running, no need to start."^""; }; }"
PowerShell -ExecutionPolicy Unrestricted -Command "$serviceQuery = 'cbdhsvc_*'; $defaultStartupMode = 'Manual'; <# -- 1. Skip if service does not exist #>; $service = Get-Service -Name $serviceQuery -ErrorAction SilentlyContinue; if(!$service) {; Write-Warning "^""Service query `"^""$serviceQuery`"^"" did not yield and results, cannot enable it."^""; Exit 1; }; $serviceName = $service.Name; Write-Host "^""Enabling service: `"^""$serviceName`"^"" with `"^""$defaultStartupMode`"^"" start."^""; <# -- 2. Skip if service info is not found in registry #>; $registryKey = "^""HKLM:\SYSTEM\CurrentControlSet\Services\$serviceName"^""; if(!(Test-Path $registryKey)) {; Write-Warning "^""`"^""$registryKey`"^"" is not found in registry, cannot enable it."^""; Exit 1; }; <# -- 3. Enable if not already enabled #>; $defaultStartupRegValue = if ($defaultStartupMode -eq 'Boot') { '0' } elseif($defaultStartupMode -eq 'System') { '1' } elseif($defaultStartupMode -eq 'Automatic') { '2' } elseif($defaultStartupMode -eq 'Manual') { '3' } else { throw "^""Unknown start mode: $defaultStartupMode"^""}; if( $(Get-ItemProperty -Path "^""$registryKey"^"").Start -eq $defaultStartupRegValue) {; Write-Host "^""`"^""$serviceName`"^"" is already enabled with `"^""$defaultStartupMode`"^"" start."^""; } else {; try {; Set-ItemProperty $registryKey -Name Start -Value $defaultStartupRegValue -Force; Write-Host "^""Enabled `"^""$serviceName`"^"" successfully with `"^""$defaultStartupMode`"^"" start, may require restarting your computer."^""; } catch {; Write-Error "^""Could not enable `"^""$serviceName`"^"": $_"^""; Exit 1; }; }; <# -- 4. Start if not running (must be enabled first) #>; if($defaultStartupMode -eq 'Automatic') {; if ($service.Status -ne [System.ServiceProcess.ServiceControllerStatus]::Running) {; Write-Host "^""`"^""$serviceName`"^"" is not running, trying to start it."^""; try {; Start-Service $serviceName -ErrorAction Stop; Write-Host "^""Started `"^""$serviceName`"^"" successfully."^""; } catch {; Write-Warning "^""Could not start `"^""$serviceName`"^"", requires restart, it will be started after reboot.`r`n$_"^""; }; } else {; Write-Host "^""`"^""$serviceName`"^"" is already running, no need to start."^""; }; }"
:: ----------------------------------------------------------

Suggested category

Security Improvements - Disable unsafe features
UI for Privacy
Disable OS Services

Suggested recommendation level

Strict - it does break the clipboard history functionality.
Standard - due to the danger/privacy issues.

Additional documentation/references

I tried doing a search for "clip", "clipboard", "board" and "cbdhsvc" in the application and nothing came up. If this is already there, I couldn't find it.

The idea of putting the contents of your clipboard on the cloud is silly at best and down right dangerous at worst. Ever used copy/paste for a long secure password? How about using your credit card number for multiple purchases? Maybe just some information that you are sending to your doctor and wanted to keep a copy of your message in a file? Copy/paste/share with the world.

Some will say that Cloud storage is secure. I'd refer them to the 2014 iCloud Celebrity Photo Hack. It has happened, it will happen again.

There should be public floggings of the Microsoft Executives/Project Managers who thought this was a great idea.

[SnowzNZ]

Would probably be best as a pr since you have a way to implement it

[undergroundwires]

Thank you @TheAndr0i. I would merge a PR for this and it's an issue with high quality that gives all information needed so I can also add it directly. I agree that it should be recommended on Standard. I will add this on next minor version, after some patch release(s).

[tikkamasalla]

This is already possible manually, not sure if a script is necessary.

[SnowzNZ]

This is already possible manually, not sure if a script is necessary.

That goes for every else as well, it can all be done manually with regedit or powershell. It's easier to have a script that does it all for you

[TheAndr0id]

@SnowzNZ The functionality can be disabled through the settings GUI, but if you happen to hit WIN-V on the keyboard it will popup a window that if you don't click very carefully to close it will re-enable the system. There is no direct way to disable the service and stop the WIN-V shortcut from within the GUI. Disabling the service is the only way to ensure it's gone.

Until Microsoft pushes out a critical update that re-enables all of the Registry settings they don't like that is...

[undergroundwires]

Released since 0.13.0 🚀.