RemoteFX USB redirection allows many types of USB devices to be used in the remote VDI session. In addition to the existing high-level device redirection mechanisms in RDP (printers, USB drives, smart cards, PnP devices, audio, etc.), RemoteFX USB redirection allows devices such as scanners, multifunction printers, webcams, and more to be used on the virtual machine.
RDP File Publishing
One of the strengths of RemoteFX USB redirection is that it allows devices to be redirected from thin clients that could not be redirected in the past due to lack of drivers. Furthermore, RemoteFX USB redirection combines with high-level device redirection mechanisms on rich clients to enable users to effectively choose the right redirection method for a given device, to get the best of both high-level and RemoteFX USB device redirection.
RemoteFX USB redirection processes a new RDP file entry: usbdevicestoredirect:s: . There are four elements to this entry:
Processing Order | Directive | Meaning |
1 | * | Select all devices for redirection that aren’t picked up by high-level redirection |
{Device Class GUID} | Select all devices that are members of the specified device setup class | |
USB\InstanceID | Select a USB device specified by the given instance ID for redirection | |
2 | -USB\InstanceID | Deselect a device specified by the given instance ID for redirection |
The usbdevicestoredirect:s: file entry format allows the administrator to select devices by class or by redirection type, while still allowing devices to be individually selected/deselected by the user/administrator.
Deploying for Rich and Thin Clients
Let’s look at how this publishing strategy works for rich and thin clients.
RemoteFX USB redirection is designed to work together with RDP’s existing high-level redirection mechanisms. As such, on a rich client, some devices will be redirected by using high-level device redirection, while others will be redirected by using RemoteFX USB redirection. Let’s look at how these come together.
Device | Support status | Redirection method |
All-in-One Printer | Supported | RemoteFX USB Redirection |
Printer | Supported | Easy Print |
Scanner | Supported | RemoteFX USB Redirection |
Biometric | Supported while in a session Not supported during logon | RemoteFX USB Redirection |
PTP Camera | Supported | Plug and Play Device Redirection |
MTP Media Player | Supported | Plug and Play Device Redirection |
Webcam | Supported (LAN only) | RemoteFX USB Redirection |
VoIP Telephone/Headset | Supported (LAN only) | RemoteFX USB Redirection |
Audio (not a USB composite device) | Supported | Audio Redirection |
CD or DVD drive | Supported for read operations | Drive Redirection |
Hard Drive or USB Flash Drive | Supported | Drive Redirection |
Smart Card Reader | Supported | Smart Card Redirection |
USB-to-Serial | Supported | RemoteFX USB Redirection |
USB Network adapter (also includes some personal digital assistants) | Blocked | N/A |
USB Display | Blocked | N/A |
USB Keyboard or Mouse | Supported | Input Redirection |
The highlighted devices are supported by RemoteFX USB redirection. Other devices in this table are supported by high-level device redirection mechanisms.
Devices not listed in the table will be processed by using RemoteFX USB redirection; they may work, but are not considered officially supported.
On rich clients, the RDP file parameters work in the following way:
usbdevicestoredirect:s:* will cover most devices that do not have high-level redirection mechanisms or drivers.
High-level device redirection will pick up most devices that do have drivers, as mentioned in the above table.
Class GUIDs can be used to pick up additional devices.
On thin clients: usbdevicestoredirect:s:*will pick up all devices without drivers.
As such, in many cases it is possible to create a published RDP file that will work for both rich and thin clients. Our suggested guidance is the following:
Start with usbdevicestoredirect:s:*
Add Class GUIDs for the devices you wish to use from rich clients.
For devices that have (some) functions that can work with high-level redirection or RemoteFX USB redirection, these devices will be redirected by default by using high-level device redirection mechanisms. To redirect the devices by using RemoteFX USB redirection, specify the class GUID for the device in the RDP file. These devices include:
Multi-function printers
Webcams with microphones
USB audio devices. For these devices to function in the remote session when redirected by using RemoteFX USB redirection, the Remote Desktop Connection audio setting must be set to “Play on remote computer.”
Remote Desktop Web Access
In addition to using usbdevicestoredirect:s: in RDP files, you can also use this parameter with Remote Desktop Web Access to enable RemoteFX USB redirection in RD Web Access and RemoteApp sessions. In this example, we redirect cameras, scanners, VoIP phones, and any other devices that do not have a corresponding high-level form of redirection.
Server Device Security
Multiple Group Policy settings are available to control when and how users can use RemoteFX USB redirection.
RemoteFX USB redirection can be controlled by using the same policy settings that control Plug and Play device redirection. The “Do not allow supported Plug and Play device redirection” policy setting can be used to allow or block RemoteFX USB redirection on a VM. The Plug and Play redirection policy settings for RD Gateway apply as well.
The path to these policy settings is Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection.
More granular control of redirected devices can be achieved by using the Device Installation Restrictions policy settings on the VM. Devices can be restricted by device setup classes, device IDs, and whether or not the user is an administrator.
Path: Computer Configuration\Administrative Templates\System\Device Installation Restrictions
Source :- blogs.msdn.com