Microsoft Tech Community
Introducing Microsoft RemoteFX USB Redirection: Part 2
Published Sep 07 2018 07:42 PM 11.4K Views
First published on CloudBlogs on Oct, 02 2010

RemoteFX USB redirection allows many types of USB devices to be used in the remote VDI session. In addition to the existing high-level device redirection mechanisms in RDP (printers, USB drives, smart cards, PnP devices, audio, etc.), RemoteFX USB redirection allows devices such as scanners, multifunction printers, webcams, and more to be used on the virtual machine. In Part 1, we looked at an overview of the feature and what it can do, and how to set up a basic deployment of the feature. In Part 2, we’ll look at publishing, deploying for rich and thin clients, RD Web Access, and server device security.

RDP File Publishing

One of the strengths of RemoteFX USB redirection is that it allows devices to be redirected from thin clients that could not be redirected in the past due to lack of drivers. Furthermore, RemoteFX USB redirection combines with high-level device redirection mechanisms on rich clients to enable users to effectively choose the right redirection method for a given device, to get the best of both high-level and RemoteFX USB device redirection.

RemoteFX USB redirection processes a new RDP file entry: usbdevicestoredirect:s:. There are four elements to this entry:

| Processing Order | Directive | Meaning |
|---|---|---|
| 1 | * | Select all devices for redirection that aren’t picked up by high-level redirection |
| 1 | {Device Class GUID} | Select all devices that are members of the specified device setup class |
| 1 | USBInstanceID | Select a USB device specified by the given instance ID for redirection |
| 2 | -USBInstanceID | Deselect a device specified by the given instance ID for redirection |

The usbdevicestoredirect:s: file entry format allows the administrator to select devices by class or by redirection type, while still allowing devices to be individually selected/deselected by the user/administrator. For a list of device setup classes, go to http://msdn.microsoft.com/en-us/library/ff553426(v=VS.85).aspx.
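The processing order above, worked through on a published entry so you can see exactly which client devices it exposes to the VM. This is an added example, not code from the original post; the semicolon separator between directives, the case-insensitive matching, the function names, and the device inventory (instance IDs and class GUIDs) are assumptions constructed for illustration.

```python
import re

# Assumption: several directives in one entry are separated by semicolons.
ENTRY = "usbdevicestoredirect:s:"
GUID_RE = re.compile(r"^\{[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$")

def parse_entry(line):
    """Split one RDP file line into (select directives, deselected instance IDs)."""
    if not line.lower().startswith(ENTRY):
        raise ValueError("not a usbdevicestoredirect entry")
    selects, deselects = [], []
    for token in line[len(ENTRY):].split(";"):
        token = token.strip().upper()      # assumption: IDs compared case-insensitively
        if token.startswith("-"):
            deselects.append(token[1:])
        elif token:
            selects.append(token)
    return selects, deselects

def resolve(line, devices):
    """Return the sorted instance IDs the entry redirects over RemoteFX USB."""
    selects, deselects = parse_entry(line)
    chosen = set()
    # Processing order 1: *, {Device Class GUID} and USBInstanceID select devices.
    for dev in devices:
        iid, cls = dev["instance_id"].upper(), dev["class_guid"].upper()
        for token in selects:
            if token == "*":
                hit = not dev["high_level"]  # only what high-level redirection leaves behind
            elif GUID_RE.match(token):
                hit = token == cls
            else:
                hit = token == iid
            if hit:
                chosen.add(iid)
    # Processing order 2: -USBInstanceID deselects, whatever selected the device.
    return sorted(chosen - set(deselects))

# Constructed sample data: placeholder class GUIDs and instance IDs, not real hardware.
IMG, PRN, DSK, UNK = ("{%s-0000-0000-0000-000000000000}" % (c * 8) for c in "ABCD")
DEVICES = [
    {"instance_id": r"USB\VID_1111&PID_0001\S1", "class_guid": IMG, "high_level": False},  # scanner
    {"instance_id": r"USB\VID_2222&PID_0002\P1", "class_guid": PRN, "high_level": True},   # multifunction printer
    {"instance_id": r"USB\VID_3333&PID_0003\F1", "class_guid": DSK, "high_level": True},   # flash drive
    {"instance_id": r"USB\VID_4444&PID_0004\X1", "class_guid": UNK, "high_level": False},  # unlisted device
]
PUBLISHED = r"usbdevicestoredirect:s:*;" + PRN + r";-USB\VID_4444&PID_0004\X1"
```

Running `resolve(PUBLISHED, DEVICES)` shows the scanner selected by `*`, the multifunction printer pulled in by its class GUID, and the unlisted device removed by the deselect directive; with `*` alone, the unlisted device would be redirected.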

Deploying for Rich and Thin Clients

Let’s look at how this publishing strategy works for rich and thin clients.

As mentioned in Part 1, RemoteFX USB redirection is designed to work together with RDP’s existing high-level redirection mechanisms. As such, on a rich client, some devices will be redirected by using high-level device redirection, while others will be redirected by using RemoteFX USB redirection. Let’s look at how these come together.

| Device | Support status | Redirection method |
|---|---|---|
| All-in-One Printer | Supported | RemoteFX USB Redirection |
| Printer | Supported | Easy Print |
| Scanner | Supported | RemoteFX USB Redirection |
| Biometric | Supported while in a session; not supported during logon | RemoteFX USB Redirection |
| PTP Camera | Supported | Plug and Play Device Redirection |
| MTP Media Player | Supported | Plug and Play Device Redirection |
| Webcam | Supported (LAN only) | RemoteFX USB Redirection |
| VoIP Telephone/Headset | Supported (LAN only) | RemoteFX USB Redirection |
| Audio (not a USB composite device) | Supported | Audio Redirection |
| CD or DVD drive | Supported for read operations | Drive Redirection |
| Hard Drive or USB Flash Drive | Supported | Drive Redirection |
| Smart Card Reader | Supported | Smart Card Redirection |
| USB-to-Serial | Supported | RemoteFX USB Redirection |
| USB Network adapter (also includes some personal digital assistants) | Blocked | N/A |
| USB Display | Blocked | N/A |
| USB Keyboard or Mouse | Supported | Input Redirection |


The highlighted devices (those whose redirection method is RemoteFX USB Redirection) are supported by RemoteFX USB redirection. Other devices in this table are supported by high-level device redirection mechanisms.
Devices not listed in the table will be processed by using RemoteFX USB redirection; they may work, but are not considered officially supported.

On rich clients, the RDP file parameters work in the following way:

· usbdevicestoredirect:s:* will cover most devices that do not have high-level redirection mechanisms or drivers.

· High-level device redirection will pick up most devices that do have drivers, as mentioned in the above table.

· Class GUIDs can be used to pick up additional devices.

On thin clients: usbdevicestoredirect:s:* will pick up all devices without drivers.

As such, in many cases it is possible to create a published RDP file that will work for both rich and thin clients. Our suggested guidance is the following:

· Start with usbdevicestoredirect:s:*

· Add Class GUIDs for the devices you wish to use from rich clients.

Devices that have (some) functions that can work with either high-level redirection or RemoteFX USB redirection are redirected by default by using high-level device redirection mechanisms. To redirect these devices by using RemoteFX USB redirection instead, specify the class GUID for the device in the RDP file. These devices include:

· Multi-function printers

· Webcams with microphones

· USB audio devices. For these devices to function in the remote session when redirected by using RemoteFX USB redirection, the Remote Desktop Connection audio setting must be set to “Play on remote computer.”

Remote Desktop Web Access

In addition to using usbdevicestoredirect:s: in RDP files, you can also use this parameter with Remote Desktop Web Access to enable RemoteFX USB redirection in RD Web Access and RemoteApp sessions. In this example, we redirect cameras, scanners, VoIP phones, and any other devices that do not have a corresponding high-level form of redirection.

Server Device Security

Multiple Group Policy settings are available to control when and how users can use RemoteFX USB redirection.

RemoteFX USB redirection can be controlled by using the same policy settings that control Plug and Play device redirection. The “Do not allow supported Plug and Play device redirection” policy setting can be used to allow or block RemoteFX USB redirection on a VM. The Plug and Play redirection policy settings for RD Gateway apply as well.

The path to these policy settings is Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection.

More granular control of redirected devices can be achieved by using the Device Installation Restrictions policy settings on the VM. Devices can be restricted by device setup classes, device IDs, and whether or not the user is an administrator.

Path: Computer Configuration\Administrative Templates\System\Device Installation Restrictions

For More Information

To learn more about RemoteFX USB redirection, see the “Configuring USB Device Redirection with Microsoft RemoteFX Step-by-Step Guide” on TechNet: http://technet.microsoft.com/en-us/library/ff817581(WS.10).aspx.

I hope you’ve enjoyed the second part in our series of blogs on RemoteFX USB redirection. In Part 3, we’re going to answer your most frequently asked questions about RemoteFX USB redirection. So if you have any questions or comments, please post them to the blog, or send us an email at rfxusb@microsoft.com. We look forward to hearing from you!
