I need to find a way to disable scanner redirection, folder sharing, USB access and similar functionality when a user logs into their virtual desktop from an untrusted device (e.g. a private laptop, or PC), but to leave these features enabled when the same user logs into the same virtual desktop from a trusted corporate laptop. I was hoping that someone here might have had experience using Start Session Scripts, or CommandsToRunOnConnect / CommandsToRunOnReconnect group policy settings (or some similar functionality) to test for a factor on the client device - enabling or disabling the corresponding services on the virtual desktop based on the outcome of that test. The test could be for anything really, such as:

• Domain Membership of the client machine
• Presence or absence of a specific environment variable on client machine
• Presence or absence of a specific file
• Presence or absence of a specific registry entry
• Presence or absence of a specific certificate

Any suggestions on the simplest way to achieve this outcome? (Our service provider's infrastructure doesn't yet support Smart Policies)