How can I prevent the user from using Snip and Sketch to take screen shots?
A customer wanted to know how they could disable the Snip and Sketch feature of Windows 10. They tried deploying policy to block the execution of
ScreenSketch.exe, but that didn’t help.
Okay, first of all,
ScreenSketch.exe is not Snip and Sketch. Screen Sketch is a feature of the Windows Ink Workspace that lets you draw directly on the screen. It’s not the Snip and Sketch tool. Snip and Sketch (as of this writing) is part of the
ShellExperienceHost.exe process, and if you block that process, you lose all sorts of things like the taskbar Calendar, the wireless network chooser, and a number of other shell features.
(Note that the above information is not contractual. The implementation details of various shell features may, and indeed have, changed over time.)
We asked why the customer felt the need to disable the Snip and Sketch feature.
The customer liaison explained that they had a program that displayed proprietary information and didn’t want their employees making screen copies of the data.
Disabling the Snip and Sketch feature is not going to solve your problems. There’s also the Snipping Tool, the PrtSc key, and all number of third party screen capture utilities. And even if you manage to get them all, the employee could just take out a digital camera and snap a photo.
That said, the customer could modify their proprietary program to call the
SetWindowDisplayAffinity function to indicate that the window contents should not be included in screen captures, as I noted some time ago. The desktop compositor will prevent those pixels from being included in
BitBlt and other screen capture functions.
UWP applications can set the
IsScreenCaptureEnabled property to
false to exclude a view from screen capture functions.