VMware Horizon Community
DSJordan
Enthusiast
Enthusiast
‎06-19-2019 02:17 PM
Jump to solution

VMware Horizon - Block thumb drives, but enable for specific users

Hello!

We are using Horizon 7.8, and would like to, generally block USB access, but give USB access (specifically thumb drives) for a few specific users.  Most users connect via Wyse zero clients, some use the VMware software client.

I was unable to find a way to grant thumb drive usage by user.  Is there a way, by running a command when a user logs in to either grant (or deny) access to thumb drives?  If a command can do it, then I could use the User Environment Manager or a login script or other method to conditionally configure the session for the user to grant access to thumb drives.

Thanks a lot!

Scott

0 Kudos
1 Solution

Accepted Solutions
anvanster
Enthusiast
Enthusiast
‎06-19-2019 07:46 PM
Jump to solution

Hi Scott,

There are lots of ways to disable USB devices in Windows. Here are few of them:

1. VMware Horizon can disable USB redirection for certain user groups. Document is here.

2. Using GPO. Since you're probably running in the domain environment you can use GPO to restrict access to USB/CDROM devices. Example is here.

3. Through registry. You can run a regedit script once user logs into the VM. Example is here.

View solution in original post

0 Kudos
4 Replies
anvanster
Enthusiast
Enthusiast
‎06-19-2019 07:46 PM
Jump to solution

Hi Scott,

There are lots of ways to disable USB devices in Windows. Here are few of them:

1. VMware Horizon can disable USB redirection for certain user groups. Document is here.

2. Using GPO. Since you're probably running in the domain environment you can use GPO to restrict access to USB/CDROM devices. Example is here.

3. Through registry. You can run a regedit script once user logs into the VM. Example is here.

0 Kudos
mchadwick19
Hot Shot
Hot Shot
‎06-20-2019 06:31 AM
Jump to solution

You can use UEM smart policies and a condition set to allow users that are members of a particular group to have access to USB redirection.

We've done this where only certain users can access USB redirection if their client is on-premise.

VDI Engineer VCP-DCV, VCP7-DTM, VCAP7-DTM Design
0 Kudos
DSJordan
Enthusiast
Enthusiast
‎06-20-2019 12:03 PM
Jump to solution

Thanks!  I hadn't though of using a Smart Policy, but it doesn't look specific enough.  I need to disable storage devices, but NOT disable USB-based printers, and scanners.  I am planning to test a solution using GPO and / or registry edits as suggested by anvanster.

Thanks again!

0 Kudos
DSJordan
Enthusiast
Enthusiast
‎06-20-2019 12:12 PM
Jump to solution

Thanks a lot for the comprehensive answer.  This is exactly what I needed!

Scott

0 Kudos