diff --git a/src/application/collections/windows.yaml b/src/application/collections/windows.yaml
index 11ad2c0a..491958f4 100644
--- a/src/application/collections/windows.yaml
+++ b/src/application/collections/windows.yaml
@@ -5124,6 +5124,25 @@ actions:
                     reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars" /v "DisableUPnPRegistrar" /t REG_DWORD /d 1 /f
                     reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars" /v "DisableWPDRegistrar" /t REG_DWORD /d 1 /f
                     reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars" /v "EnableRegistrars" /t REG_DWORD /d 1 /f
+            -
+                name: Disable clipboard history
+                recommend: standard
+                docs:
+                    - https://github.com/undergroundwires/privacy.sexy/issues/247
+                    - https://ghostvolt.com/blog/Is-the-Windows-Clipboard-Function-History-or-Sync-Secure.html
+                call:
+                -
+                    function: DisablePerUserService
+                    parameters:
+                        # Check (system-wide):  (Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\cbdhsvc").Start
+                        # Check (per-user):     (Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\cbdhsvc_*").Start
+                        serviceName: cbdhsvc
+                        defaultStartupMode: Automatic
+                -
+                    function: RunInlineCode
+                    parameters:
+                        code: reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v "AllowClipboardHistory" /t REG_DWORD /d 0 /f
+                        revertCode: reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v "AllowClipboardHistory" /f
             -
                 category: Secure cryptography on IIS (Internet Information Services) server
                 children: