VMware Horizon Community
dohko82
Contributor
Contributor
‎05-11-2012 07:11 AM
Jump to solution

VMware VIEW How Block or unallow USB for some users

Hi guys,

     I have a question, can I block or unallow the USB for some users? not all users only some one, I have a pool with 25 machines and need block the USB to 4 users, have you any idea of how I do that?

thanks for your help Smiley Happy

Tags (2)
0 Kudos
1 Solution

Accepted Solutions
6 Replies
MauroBonder
VMware Employee
VMware Employee
‎05-11-2012 07:14 AM
Jump to solution

Hi,

In this case You can use group policy settings to disable USB redirection for specific users

Read official note about http://pubs.vmware.com/view-50/index.jsp?topic=/com.vmware.view.administration.doc/GUID-61090F90-186...

*Please, don't forget the awarding points for "helpful" and/or "correct" answers. *Por favor, não esqueça de atribuir os pontos se a resposta foi útil ou resolveu o problema.* Thank you/Obrigado
0 Kudos
GreatWhiteTec
VMware Employee
VMware Employee
‎05-11-2012 07:15 AM
Jump to solution

I don;t think you can do "some" users through the View Admin console. You could use GPOs.

0 Kudos
GreatWhiteTec
VMware Employee
VMware Employee
‎05-11-2012 07:16 AM
Jump to solution

USB GPO - http://www.petri.co.il/disable_usb_disks_with_gpo.htm

0 Kudos
GreatWhiteTec
VMware Employee
VMware Employee
‎05-11-2012 12:48 PM
Jump to solution

Actually there is a way. I just thought about it.

1- Set the View USB access to Allow on the Global level

2- Then you can set the USB access policy to Deny at a pool level

3-  Entitle the "USB not allowed users" to this pool.

0 Kudos
Stu_Robinson
Enthusiast
Enthusiast
‎05-14-2012 12:05 PM
Jump to solution

Hi Dohko82,

I see that people have already responded on how to allow/block USB within View, but I wanted to point out that you can implement intelligent USB blocking when using PCoIP zero clients to connect to VMware View virtual desktops.

When using a PCoIP zero clients you can whitelist / black list USB peripherals based on the USB peripheral class or by the USB vendor/product ID (VID/PID).  Not only can this provide the ability to block or allow USB for some users, you can get quite specific which can be essential in some scenarios.

Some notes on intelligent USB authorization with PCoIP zero clients:

  • USB plug event is blocked in silicon within the PCoIP zero client when a peripheral is not authorized.  So the virtual desktop will not be able to see the peripheral (an extra layer of security).
  • There is no driver in the zero client to prevent hacking or compromised driver replacement
  • While list approved USB peripherals (by class or VID/PID)
  • Black list peripherals by class or VID/PID.
  • User sees a message when the peripheral is not authorized

A few common scenario's where this can be helpful:

  • Enabling a white list of USB peripherals only for secure environments (banks, governments, schools/universities, public kiosks etc)
  • Blocking flash devices in a hospital, but allowing Doctor's to use pre-approved USB devices with build-in hardware encryption for compliance
  • Blocking flash devices in defence deployments, but allowing senior officials (ie Generals) to be able to use pre-approved flash devices with build-in hardware encryption for security standards

This list can be managed for individual PCoIP zero clients from the Administrative Web Interface (enter the zero client IP address in a browser to access), or for larger number of clients via the PCoIP management console (free download at techsupport.teradici.com).

Here is a link that provides a list of PCoIP zero clients.

Feel free to open a request at techsupport.teradici.com if you have additional questions on USB security.

Best Regards,
Stu

Director of Systems Engineering, Teradici