Creating USB Policy Rules | Tokeshi.com Citrix Support Desktop Virtualization Support Hyper-V

Home\Creating USB Policy Rules\Creating USB Policy Rules

warning: Parameter 1 to afterburner_user_login_block() expected to be a reference, value given in /var/home2/t0k3sh1/public_html/includes/theme.inc on line 656.

Creating USB Policy Rules



Creating USB Policy Rules Document ID: CTX119722 / Created On: Feb 6, 2009 / Updated On: Feb 6, 2009 Average Rating: not yet rated View products this document applies to Summary This document describes the default USB policy rules in XenDesktop 3.0, and their semantics. Default Policy The default policy configuration is as follows: DENY: class=09 # Hub devices DENY: class=03 subclass=01 # HID Boot device (keyboards and mice) DENY: class=0b # Smartcard DENY: class=e0 # Wireless Controllers DENY: class=02 # Communications and CDC Control DENY: class=0a # CDC Data ALLOW: # Ultimate fallback: allow everything else How It Works When a user plugs in a USB device, it is checked against each policy rule in turn until a match is found. The first match for any device is considered definitive. If the first match is an Allow rule, the device is remoted to the virtual desktop. If the first match is a Deny rule, the device is available only to the local desktop. Creating New USB Policy Rules The XenDesktop Administrator’s Guide describes how to update the list of USB devices available for remoting in “Updating the List of USB Devices Available for Remoting”. Tip: When creating new policy rules, refer to the USB Class Codes, available from the USB Web site at http://www.usb.org/ Policy rules take the format {Allow:\|Deny:} followed by a set of tag=value expressions separated by whitespace. The following tags are supported: Tag Description VID Vendor ID from the device descriptor PID Product ID from the device descriptor REL Release ID from the device descriptor Class Class from either the device descriptor or an interface descriptor SubClass Subclass from either the device descriptor or an interface descriptor Prot Protocol from either the device descriptor or an interface descriptor When creating new policy rules, be aware of the following: • Rules are case-insensitive. • Rules may have an optional comment at the end, introduced by #. A delimiter is not required and the comment is ignored for matching purposes. • Blank and pure comment lines are ignored. • Whitespace is used as a separator, but cannot appear in the middle of a number or identifier. For example, Deny: Class = 08 SubClass=05 is a valid rule; Deny: Class=0 Sub Class=05 is not. • Tags must use the matching operator =. For example, VID=1230. • Each rule must start on a new line or form part of a semicolon separated list. Important: If you are using the Administrative (ADM) template, you must create rules on a single line, as a semicolon separated list. Example This example shows a set of administrator-defined USB policy rules. Allow: VID=1230 PID=0007 # ANOther Industries, ANOther Flash Drive Deny: Class=08 SubClass=05 # Mass Storage More Information For more information about XenDesktop 3.0 and USB device support, see the XenDesktop Administrator’s Guide. This document applies to: XenDesktop 3.0 x32 Exit Print View

Primary links

Main Menu

Who's online

There are currently 0 users and 0 guests online.

User login