You can define USB policy settings for both Horizon Agent and Horizon Client. On connection, Horizon Client downloads the USB policy settings from Horizon Agent and uses them in conjunction with the Horizon Client USB policy settings to decide which devices it will allow to be available for redirection from the client computer.
The Horizon Agent Configuration ADMX template file contains policy settings related to the authentication and environmental components of Horizon Agent, including USB redirection. The ADMX template file is named (vdm_agent.admx). The settings apply at the computer level. Horizon Agent preferentially reads the settings from the GPO at the computer level, and otherwise from the registry at HKLM\Software\Policies\VMware, Inc.\VMware VDM\Agent\USB
Settings for Configuring USB Device Splitting
The following table describes each policy setting for splitting composite USB devices in the Horizon Agent Configuration ADMX template file. All of these settings are in the folder in the Group Policy Management Editor. Horizon Agent does not enforce these settings. Horizon Agent passes the settings to Horizon Client for interpretation and enforcement according to whether you specify the merge (m) or override (o) modifier. Horizon Client uses the settings to decide whether to split composite USB devices into their component devices, and whether to exclude the component devices from being available for redirection. For a description of how Horizon applies the policies for splitting composite USB devices, see Configuring Device Splitting Policy Settings for Composite USB Devices.
| Setting | Properties |
|---|---|
| Allow Auto Device Splitting Property: AllowAutoDeviceSplitting |
Allows the automatic splitting of composite USB devices. The default value is undefined, which equates to false. |
| Exclude Automatically Connection Device Family | Exludes a family of devices from being automatically forwarded. The format of the setting is {m|o}:<family-name>[;...] Set the merge (m) modifier for the client setting to merge with the agent setting or the override (o) modifier for the agent setting to override the client setting. For example: o:storage;hid |
| Exclude Automatically Connection Vid/Pid Device | Exludes a device with specified vendor and product IDs from being automatically forwarded. The format of the setting is {m|o}:<vid-<xxxx>_pid-<xxxx|*>>[;...] Set the merge (m) modifier for the client setting to merge with the agent setting or the override (o) modifier for the agent setting to override the client setting. For example: m:vid-0781_pid-554c;vid-0781_pid-9999 |
| Exclude Vid/Pid Device from Split Property: SplitExcludeVidPid |
Excludes a composite USB device specified by vendor and product IDs from splitting. The format of the setting is {m|o}:vid-xxx1_pid-yyy2[;vid-xxx2_pid-yyy2]... You must specify ID numbers in hexadecimal. You can use the wildcard character (*) in place of individual digits in an ID. For example: o:vid-0781_pid-55** The default value is undefined. |
| Split Vid/Pid Device Property: SplitVidPid |
Treats the components of a composite USB device specified by vendor and product IDs as separate devices. The format of the setting is {m|o}:vid-xxxx_pid-yyyy(exintf:zz[;exintf:ww])or {m|o}:vid-xxxx_pid-yyyy(exintf:zz[;exintf:ww]) You can use the exintf keyword to exclude components from redirection by specifying their interface number. You must specify ID numbers in hexadecimal, and interface numbers in decimal including any leading zero. You can use the wildcard character (*) in place of individual digits in an ID. For example: o:vid-0781_pid-554c(exintf:01;exintf:02)
Note:
Horizon does not automatically include the components that you have not explicitly excluded. You must specify a filter policy such as
Include Vid/Pid Device to include those components.
The default value is undefined. |
Horizon Agent-Enforced USB Settings
The following table describes each agent-enforced policy setting for USB in the Horizon Agent Configuration ADMX template file. All of these settings are in the folder in the Group Policy Management Editor. Horizon Agent uses the settings to decide if a USB device can be forwarded to the host machine. Horizon Agent also passes the settings to Horizon Client for interpretation and enforcement according to whether you specify the merge (m) or override (o) modifier. Horizon Client uses the settings to decide if a USB device is available for redirection. As Horizon Agent always enforces an agent-enforced policy setting that you specify, the effect might be to counteract the policy that you have set for Horizon Client. For a description of how Horizon applies the policies for filtering USB devices, see Configuring Filter Policy Settings for USB Devices.
| Setting | Properties |
|---|---|
| Exclude All Devices Property: ExcludeAllDevices |
Excludes all USB devices from being forwarded. If set to true, you can use other policy settings to allow specific devices or families of devices to be forwarded. If set to false, you can use other policy settings to prevent specific devices or families of devices from being forwarded. If set to true and passed to Horizon Client, this setting always overrides the setting on Horizon Client. You cannot use the merge (m) or override (o) modifier with this setting. The default value is undefined, which equates to false. |
| Exclude Device Family Property: ExcludeFamily |
Excludes families of devices from being forwarded. The format of the setting is {m|o}:family_name_1[;family_name_2]... For example: o:bluetooth;smart-card If you have enabled automatic device splitting, Horizon examines the device family of each interface of a composite USB device to decide which interfaces should be excluded. If you have disabled automatic device splitting, Horizon examines the device family of the whole composite USB device. The default value is undefined. |
| Exclude Vid/Pid Device Property: ExcludeVidPid |
Excludes devices with specified vendor and product IDs from being forwarded. The format of the setting is {m|o}:vid-xxx1_pid-yyy2[;vid-xxx2_pid-yyy2]... You must specify ID numbers in hexadecimal. You can use the wildcard character (*) in place of individual digits in an ID. For example: m:vid-0781_pid-****;vid-0561_pid-554c The default value is undefined. |
| Include Device Family Property: IncludeFamily |
Includes families of devices that can be forwarded. The format of the setting is {m|o}:family_name_1[;family_name_2]... For example: m:storage The default value is undefined. |
| Include HID Optimization Vid/Pid Device Property: HidOptIncludeVidPid |
Includes devices with specified vendor and product IDs that can be optimized. The format of the setting is vid-xxx1_pid-yyy2[;vid-xxx2_pid-yyy2]... You must specify ID numbers in hexadecimal. You can use the wildcard character (*) in place of individual digits in an ID. For example: vid-056a_pid-0302;vid-046d_pid-c628 The default value is undefined. |
| Include Vid/Pid Device Property: IncludeVidPid |
Includes devices with specified vendor and product IDs that can be forwarded. The format of the setting is {m|o}:vid-xxx1_pid-yyy2[;vid-xxx2_pid-yyy2]... You must specify ID numbers in hexadecimal. You can use the wildcard character (*) in place of individual digits in an ID. For example: o:vid-0561_pid-554c The default value is undefined. |
Client-Interpreted USB Settings
The following table describes each client-interpreted policy setting in the Horizon Agent Configuration ADMX template file. All of these settings are in the folder in the Group Policy Management Editor. Horizon Agent does not enforce these settings. Horizon Agent passes the settings to Horizon Client for interpretation and enforcement. Horizon Client uses the settings to decide if a USB device is available for redirection.
| Setting | Properties |
|---|---|
| Allow Audio Input Devices Property: AllowAudioIn |
Allows audio input devices to be forwarded. The default value is undefined, which equates to true. |
| Allow Audio Output Devices Property: AllowAudioOut |
Allows audio output devices to be forwarded. The default value is undefined, which equates to false. |
| Allow HID-Bootable Property: AllowHIDBootable |
Allows input devices other than keyboards or mice that are available at boot time (also known as hid-bootable devices) to be forwarded. The default value is undefined, which equates to true. |
| Allow other input devices | Allows input devices other than hid-bootable devices or keyboards with integrated pointing devices to be forwarded. The default value is undefined. |
| Allow keyboard and Mouse Devices Property: AllowKeyboardMouse |
Allows keyboards with integrated pointing devices (such as a mouse, trackball, or touch pad) to be forwarded. The default value is undefined, which equates to false. |
| Allow Smart Cards Property: AllowSmartcard |
Allows smart-card devices to be forwarded. The default value is undefined, which equates to false. |
| Allow Video Devices Property: AllowVideo |
Allows video devices to be forwarded. The default value is undefined, which equates to true. |
| Exclude Automatically Connection Device Family | Excludes families of devices from being forwarded automatically.
Use the following syntax:
{m|o}:family-name[;...]
m specifies that the client setting is merged with the agent setting. o specifies that the agent setting overrides the client setting. For example: o:storage;hid |
| Exclude Automatically Connection Vid/Pid Device | Excludes devices that have specific vendor and product IDs from being forwarded automatically. Use the following syntax: {m|o}:vid-xxxx_pid-xxxx|*[;...]m specifies that the client setting is merged with the agent setting. o specifies that the agent setting overrides the client setting. For example: m:vid-0781_pid-554c;vid-0781_pid-9999 |
