Thank you so much Nick, read only is not an option as the user is not allowed to enter credentials in remote system nor work on it. I will explore further solutions based on your useful recommendations for Windows GPO.
BR. Jose ________________________________ De: Nick Couchman <vn...@apache.org> Enviado: lunes, 18 de enero de 2021 17:38 Para: user@guacamole.apache.org <user@guacamole.apache.org> Asunto: Re: Help to disable on-screen keyboard and input text On Mon, Jan 18, 2021 at 11:27 AM Jose Moreno Delgado <jose_tel...@msn.com<mailto:jose_tel...@msn.com>> wrote: Hi, I noticed that on-screen keyboard is not a choice (I can't disable input methods for users from admin preferences) on emergent menu or preferences tab and it's very risky as an user is allowed to enter to guest machine when running RDP and a remote application directly from Guacamole as the task manager can be run pressing ctl+alt+tab and start applications like explorer to get full control of the machine. Can you help me to understand if there's an option to disable input methods apart from phisical user keyboard? no on-screen keyboard nor input text. If you don't want the user to be able to input anything into the remote session, then you can make the connection read-only. This will disable all input into the connection. This option is available in the "Display" section of the connection parameters if you're using the JDBC module to create the connections, or by setting the "read-only" parameter if using the XML file or LDAP. If you're just trying to prevent users from inputting certain key combinations in order to better secure the remote system, then Guacamole is not the correct place to try to do this - you need to properly secure the remote system using the tools available for that operating system. Trying to use Guacamole to disable certain things, like keyboard shortcuts, is just "security by obscurity," at best, and clever users will just find a way around it (like using the JavaScript console to trigger keypresses into the tunnel directly). Removing the on-screen keyboard is not a solution for this. There are several tools for Windows - both built-in (GPO) and add-on - that allow you to lock down the applications that users are allowed to launch. I suggest digging into those. -Nick
