Article: Enabling or Disabling HDX Plug-n-Play for USB Storage Devices

Posted on by Alain

Intro

Sometimes your security team will be your best friend. They will be the “bad guy” in your IT organization and prevent certain applications from being installed or they will require that remote users have reduced access. Recently, I was approached by my security team to prevent access to the clipboard, local printers, and local drives for a certain group of users.  This better secures our environment and  reduces ICA bandwidth and speeds up login times. When I created a new Citrix policy to put these restrictions in place, I found that USB hard-drives were still being mapped.

Solution

Searching the Citrix eDocs site, I came across the following detail at the bottom of the Drives Folder section in the Policy Rules Reference:

Enabling or Disabling HDX Plug-n-Play for USB Storage Devices
HDX Plug-n-Play for USB storage devices is enabled by default. To change the settings for HDX Plug-n-Play for USB storage devices, manually change the key specified below on the XenApp server. Changes apply to all users.

Caution: Using Registry Editor incorrectly can cause serious problems that can require you to reinstall the operating system. Citrix cannot guarantee that problems resulting from incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Make sure you back up the registry before you edit it.

Toggle USB drive redirection on and off using the following registry key on the server:

On XenApp 32-bit edition
HKEY_LOCAL_MACHINE\Software\Citrix\Policies\DisableUSBDriveRedirection

On XenApp 64-bit edition
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Citrix\Policies\DisableUSBDriveRedirection

Type: DWORD

Values:
1 = redirection disabled
0 = redirection enabled

Note: HDX Plug-n-Play for USB storage devices is enabled when the registry key is not present.

Once I added the registry setting (and logged back in), I was no longer able to see any mapped USB hard drives. This is also referenced in the following CTX articles: How to Prevent Manual Mapping of Client Connected USB Drives and How to Disable USB Drive Redirection

Thanks,
Alain

2 thoughts on “Article: Enabling or Disabling HDX Plug-n-Play for USB Storage Devices”

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.