diff --git a/registry/coder/modules/kasmvnc/main.tf b/registry/coder/modules/kasmvnc/main.tf
index 64d52bd6..18638148 100644
--- a/registry/coder/modules/kasmvnc/main.tf
+++ b/registry/coder/modules/kasmvnc/main.tf
@@ -57,7 +57,21 @@ variable "subdomain" {
 variable "kasm_config" {
   type        = string
   default     = ""
-  description = "Additional KasmVNC configuration in YAML format. Can be used to set DLP policies and other advanced settings. See https://kasmweb.com/docs/develop/how_to/kasmvnc_dlp_policies.html for details."
+  description = <<-EOT
+    Additional KasmVNC configuration in YAML format. Can be used to set DLP policies and other advanced settings.
+    
+    Example for DLP policies:
+    ```yaml
+    data_loss_prevention:
+      clipboard:
+        server_to_client: false
+        client_to_server: false
+      printing: false
+      download: false
+    ```
+    
+    See https://kasmweb.com/docs/develop/how_to/kasmvnc_dlp_policies.html for details.
+  EOT
 }
 
 resource "coder_script" "kasm_vnc" {
diff --git a/registry/coder/modules/kasmvnc/run.sh b/registry/coder/modules/kasmvnc/run.sh
index a244c912..66e6bdd6 100644
--- a/registry/coder/modules/kasmvnc/run.sh
+++ b/registry/coder/modules/kasmvnc/run.sh
@@ -254,6 +254,33 @@ fi
 if [[ -n "${KASM_CONFIG}" ]]; then
   echo "Adding custom KasmVNC configuration."
   
+  # Check for common configuration errors
+  if echo "${KASM_CONFIG}" | grep -q "^policies:"; then
+    echo "WARNING: Found 'policies:' at the top level of your configuration."
+    echo "WARNING: DLP policies should be under the 'data_loss_prevention:' section."
+    echo "WARNING: Example:"
+    echo "WARNING: data_loss_prevention:"
+    echo "WARNING:   clipboard:"
+    echo "WARNING:     server_to_client: false"
+    echo "WARNING:     client_to_server: false"
+    echo "WARNING:   printing: false"
+    echo "WARNING:   download: false"
+    
+    # Create a temporary file for the fixed configuration
+    FIXED_CONFIG_FILE=$(mktemp)
+    
+    # Replace 'policies:' with 'data_loss_prevention:'
+    echo "${KASM_CONFIG}" | sed 's/^policies:/data_loss_prevention:/' > "$FIXED_CONFIG_FILE"
+    
+    # Use the fixed configuration
+    KASM_CONFIG=$(cat "$FIXED_CONFIG_FILE")
+    
+    # Clean up
+    rm "$FIXED_CONFIG_FILE"
+    
+    echo "WARNING: Automatically fixed configuration. Please update your Terraform code."
+  fi
+  
   # Add a comment to mark the start of custom config
   echo "" >> "$TEMP_CONFIG_FILE"
   echo "# ---- START CUSTOM KASMVNC CONFIG ----" >> "$TEMP_CONFIG_FILE"