question

LucianCojocaru-1589 avatar image
0 Votes"
LucianCojocaru-1589 asked AmitaMenon-3691 edited

Local storage redirection to WVD: how to block it

Hi everyone,

I do have a small question: how can I block the redirection of my local drive and printer to the WVD environment? I know about the GPO and the Powershell script version, but those are applied to all users that login to that tenant, and I'm not an Admin on the WVD environment, just a user.

Instead, I'm trying to figure out a way to deny this redirection from my local machine. Maybe there is a service or a registry that can be modified, to make this happen. Does anyone have any ideas?

Thank you again.

azure-virtual-desktop
· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@LucianCojocaru-1589

You have these properties in the portal on the RDP Properties of you Host Pool. Is this what you are lookin for?
If you ask is different, please let us know.

73543-wvd.jpg


0 Votes 0 ·
wvd.jpg (91.8 KiB)

Hi @vipullag-MSFT, I do know about this one as also, but I think this change applies to all users that login to that specific Tenant. I'm actually thinking of what can I change/disable on my personal device, to stop the Remote service from redirecting drivers and printers to the WVD. I'm suspecting there should be a local service or a key in the registry that has to be modified. As of now, I have not figured it out, but I'm still working on it.

Also, thank you for the update, the Console from Azure is pretty easy and good setup.

0 Votes 0 ·

@LucianCojocaru-1589

This is a host pool setting so applies to all users on all session hosts within it. I checked with internal team on this, there is a feature request in to enable conditional access to host pools that should incorporated this. You should raise this through the Feedback process to add weight to this feature here.


1 Vote 1 ·
LucianCojocaru-1589 avatar image
0 Votes"
LucianCojocaru-1589 answered

Thank you very much @vipullag-MSFT , I'll go and see what it can be done.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Nizar-BOUAZIZI-08 avatar image
0 Votes"
Nizar-BOUAZIZI-08 answered

75485-capture.png




Need help please , I have the same problem, I have disabled disk redirection at the host pool level ,but same problem
*


capture.png (86.6 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ullasanand-6728 avatar image
0 Votes"
ullasanand-6728 answered

@Nizar-BOUAZIZI-08 and @vipullag-MSFT

From the testings that I have done so far, drive mapping is disabled if you access the WVD session from Web client.
Whereas, drive mapping is enabled if we access the WVD session from desktop client.

On a Windows 10 Multi-session desktop, drive mapping is enabled by default.
Hence, we have not made any changes.

Whereas, we have configured conditional policies. All Users will be able to launch the apps and desktops from Web client only. Even though they install desktop client on their desktops, they will not be able to access the WVD resources.
However, if the users are part of drivemapping exceptions group they will be able to access the WVD resources from desktop client.
By doing this we can have restricted users to access their local drives and printers from the WVD session, at the same time we also have users accessing their local drives and printers from their WVD session using desktop client connecting to the same session host.


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MoorthyAnnadurai-4985 avatar image
0 Votes"
MoorthyAnnadurai-4985 answered MoorthyAnnadurai-4985 edited

You can set the below policy at the client-side to prevent USB redirection

GPO: Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services/ Remote Desktop Connection Client\RemoteFX USB Device Redirection

“This policy setting allows you to permit RDP redirection of other supported RemoteFX USB devices from this computer.”

106604-rededit.png



rededit.png (3.1 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.