XenDesktop 5 USB Rules/Filter – WebCamera

This post provides a way to filter out USB video devices to allow only the standard one chosen by your organization, in this case QuickCam Communicate Deluxe.
=== Start of device information =======================
Device name: QuickCam Communicate Deluxe
USB Vendor ID (VID): 0x046D
USB Product ID (PID): 0x0992
USB Revision (BCD): 0x0005
Firmware Version: 2.70.7037
Firmware CRC: 0x06D8
EEPROM Version: 2.118
Sensor Type: 2.9
Driver Version: 13.25.1014.0
=== End of device information =========================

The information above was obtained by connecting the webcam to a Windows box and opening the device's properties in Device Manager.
For devices not in your possession, USB class codes can be found at http://www.usb.org/developers/defined_class
As our aim is to allow only the Logitech QuickCam Communicate Deluxe and to block all other video devices, we deny the USB video class, which is 0e according to the above link.
So the HDX User Policy to achieve this is:

Allow: VID=046D PID=0992 # QuickCam Communicate Deluxe
Deny: Class=0e # Video
Deny: Class=06 # Still Imaging

Note that the rules for allowed devices should be at the top of the list.

When a user plugs in a USB device, the host device checks it against each policy rule in turn until a match is found. The first match for any device is considered definitive. If the first match is an Allow rule, the device is remoted to the virtual desktop. If the first match is a Deny rule, the device is available only to the local desktop. If no match is found, default rules are used.
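
The first-match behaviour described above, as an added example (not from the original post and not Citrix code): a simplified Python model of rule evaluation that handles only the VID, PID and Class tags used here. The sample devices are constructed; class 0e for the PID 0821 device is an assumption.

```python
# Simplified model of first-match evaluation for HDX USB device rules.
# Added illustration, not Citrix code. Only VID, PID and Class are handled.

def parse_rule(line):
    """Parse 'Allow: VID=046D PID=0992 # comment' into (action, {tag: int})."""
    body = line.split("#", 1)[0]               # drop the trailing comment
    action, _, filters = body.partition(":")
    action = action.strip().lower()
    if action not in ("allow", "deny"):
        raise ValueError(f"unknown action in rule: {line!r}")
    tags = {}
    for token in filters.split():
        key, sep, value = token.partition("=")
        if not sep:
            raise ValueError(f"malformed filter {token!r} in rule: {line!r}")
        tags[key.lower()] = int(value, 16)     # rule values are hexadecimal
    if not tags:
        raise ValueError(f"rule has no filters: {line!r}")
    return action, tags

def evaluate(rules, device):
    """Return the action of the first rule whose tags all match the device."""
    for line in rules:
        action, tags = parse_rule(line)
        if all(device.get(k) == v for k, v in tags.items()):
            return action                      # first match is definitive
    return "default"                           # no match: default rules apply

POLICY = [
    "Allow: VID=046D PID=0992 # QuickCam Communicate Deluxe",
    "Deny: Class=0e # Video",
    "Deny: Class=06 # Still Imaging",
]
# Same rules with the Allow line moved below the class-wide Deny.
MISORDERED = [POLICY[1], POLICY[0], POLICY[2]]

# Constructed sample devices (class 0e = video, 03 = HID).
APPROVED_CAM = {"vid": 0x046D, "pid": 0x0992, "class": 0x0E}
OTHER_CAM = {"vid": 0x046D, "pid": 0x0821, "class": 0x0E}  # class assumed
KEYBOARD = {"vid": 0x1234, "pid": 0x5678, "class": 0x03}   # made-up IDs

if __name__ == "__main__":
    for name, dev in [("approved", APPROVED_CAM), ("other", OTHER_CAM),
                      ("keyboard", KEYBOARD)]:
        print(name, evaluate(POLICY, dev), evaluate(MISORDERED, dev))
```

With the Allow rule below the class-wide Deny, the approved webcam is denied as well, which is why rule order matters.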


To verify the policy, plug various webcams into your thin client/Citrix Receiver and fire up Event Viewer on the pooled VM, then navigate to

Applications and Services logs\Citrix\USB\Admin

Filter for Event ID 259 (Devices Allowed) and 260 (Devices Denied).

Information 7/20/2011 1:21:42 PM Service 260 None
The Citrix USB Service policy rejects USB Device with Product ID: 0x821 Vendor ID: 0x46d Device ID: 0x2 to be remoted.
Information 7/20/2011 1:22:59 PM Service 259 None
The Citrix USB Service allows USB Device with Product ID: 0x992 Vendor ID: 0x46d Device ID: 0x2 to be remoted.

USB Class Codes

02  Communications and CDC Control
03  HID (Human Interface Device)
08  Mass Storage
0B  Smart Card
DC  Diagnostic Device
E0  Wireless Controller
