SebastianK8
Enthusiast
Enthusiast

Only allow Camera and Headset for external Connections

Hi,

my customer has only one Desktop pool for internal and external connections. He wants to deny all USB devices except Camera and Headset for specific Groups. With DEM Smart Policies (User Environment) I an only deny all USB devices without an exception. With Smart Policies on Computer Environment I could specify USB devices, but I can not define the Horizon Client Condition or User Group :slightly_smiling_face: Is it possible to configure this behavior with DEM? I'm pretty sure its possible, but I dont get it.
All internal connections should be able to use USB devices, only external connections should be restricted to some USB devices.

Thanks in Advance!

Sebastian

Reply
0 Kudos
DEMdev
VMware Employee
VMware Employee

Hi @SebastianK8,

I'll try to play around with this a bit later this week, but I expect that this is currently not possible. DEM's Horizon Smart Policies feature just provides a bit of configuration to the respective Horizon components. For this use case, Horizon's USB redirection would have to support HKCU-based settings for device inclusion/exclusion, and I don't think it does.

As computer-based settings are applied at startup rather than user logon, we don't know anything about internal/external or group membership, as there is no connection or user to query at that time.

Reply
0 Kudos
DEMdev
VMware Employee
VMware Employee

Hi @SebastianK8,

I've taken a look at this, and this would indeed require changes on the Horizon agent side. The USB redirection component processes almost all of its configuration before DEM gets to perform its logon activities; only the USB redirection enabled/disabled setting that can be applied with DEM Horizon Smart User Policies is picked up afterwards.

You can allow specific VIDs/PIDs using Horizon Smart Computer Policies or using an elevated task (which allows targeting based on user/connection conditions), but those settings won't be picked up until a session reconnect. Hardly a user-friendly approach :disappointed_face:

View solution in original post

Reply
0 Kudos
SebastianK8
Enthusiast
Enthusiast

Hi,

thanks for your research :slightly_smiling_face: Maybe we will configure specific allowed USB Devices globally for internal and external connections. 
Have a nice day!

Regards
Sebastian