XenDesktop 5 USB Rules/Filter – WebCamera

This post provides a way to filter out USB video devices to allow only the standard one chosen by your organization, in this case QuickCam Communicate Deluxe.

=== Start of device information =======================
Device name: QuickCam Communicate Deluxe
USB Vendor ID (VID): 0x046D
USB Product ID (PID): 0x0992
USB Revision (BCD): 0x0005
Firmware Version: 2.70.7037
Firmware CRC: 0x06D8
EEPROM Version: 2.118
Sensor Type: 2.9
Driver Version: 13.25.1014.0
=== End of device information =========================

Information above is obtained by connecting the webcam to any windows box and launching the device manager; device properties.

For the devices not in your possion, USB class codes can be found at http://www.usb.org/developers/defined_class

As our aim is to allow only Logitech QuickCam Communicate Deluxe and to block all other video devices, we deny USB video class devices which is 0e; found from the above link.

so HDX User Policy to achieve this is
https://i1.wp.com/www.eng.utoledo.edu/~smulpuru/images/XenDesktop/HDX_USB_WEBCAM_Rules.png

Allow: VID=046D PID=0992# QuickCam Communicate Deluxe
Deny: Class=0e #Video
Deny: Class=06 #Still Imaging

Thing to note is the devices that are allowed should be on top of the list.

When a user plugs in a USB device, the host device checks it against each policy rule in turn until a match is found. The first match for any device is considered definitive. If the first match is an Allow rule, the device is remoted to the virtual desktop. If the first match is a Deny rule, the device is available only to the local desktop. If no match is found, default rules are used.

Verification

Plug in various webcams to your thinclient/Citrix Receiver and fire up Event Viewer on pooled VM, navigate to

Applications and Services logs\Citrix\USB\Admin

Filter for Event ID 259 (Devices Allowed) and 260 (Devices Denied).

Information 7/20/2011 1:21:42 PM Service 260 None
The Citrix USB Service policy rejects USB Device with Product ID: 0x821 Vendor ID: 0x46d Device ID: 0x2 to be remoted.

Information 7/20/2011 1:22:59 PM Service 259 None
The Citrix USB Service allows USB Device with Product ID: 0x992 Vendor ID: 0x46d Device ID: 0x2 to be remoted.

USB Class Codes

01 Audio
02 Communications and CDC Control
03 HID (Human Interface Device)
06 Image
07 Printer
08 Mass Storage
09 Hub
0A CDC-Data
0B Smart Card
0E Video
DC Diagnostic Device
E0 Wireless Controller

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s