Group Policy Changes
To control device redirection at a granular level, RPM exposes two new software device redirection policies (group policies). These policies can be configured by an IT administrator depending on the needs of the organization.
One policy prevents the alternate driver from being loaded, while the second policy allows some alternate drivers to be loaded.
HID and hub devices can never be redirected and hence remain excluded by default.
The following two new policies are listed under Computer Configuration -> Administrative Templates -> System -> Device Redirection -> Device Redirection Restrictions:
- Group Policy setting: Prevent redirection of USB devices
This policy setting prevents an alternate driver for a USB device from being loaded. When enabled, the alternate driver cannot be loaded. When disabled or not configured, the alternate driver for the USB device can be loaded.
- Group Policy setting: Prevent redirection of USB devices that match any of these device IDs
This policy setting lets the IT Administrator specify a list of USB devices that cannot be redirected. When enabled, an alternate driver will not be loaded if the device ID matches an ID in the list. When disabled or not configured, an alternate driver can be loaded.
To create a list of devices which need to be excluded from redirection, specify a USB device hardware ID, then click OK.
For example, to prevent redirection of a device whose Vendor ID is 058F, Product ID is 6387, and Revision is 0142, type the value in the following format: "VID_058F&PID_6387&REV_0142". The device manager can be used to determine the VID, PID, and revision of a USB device. The IDs of all USB devices connected to the computer are listed under the details tab (hardware IDs).
As an alternative, administrators can use class and protocol information to block USB devices. To specify a device that has a value of Class 08, SubClass 06, and Prot 50, type the value in the following format: "Class_08&SubClass_06&Prot_50". This information is also available in the device manager. The class and protocol values of all USB devices connected to the computer are listed under details tab (compatible IDs).