Citrix Virtual Apps and Desktops

Generic USB devices

Introduction

The generic USB redirection feature redirects USB devices from client machines to HDX sessions, giving end users the ability to interact with a wide selection of generic USB devices in their HDX session. This is helpful in scenarios where users need specialty devices that don’t have optimized support, or where optimized support is unsuitable.

Note: USB devices not optimized for virtual channel support fall back to the Generic USB virtual channel using raw USB redirection.

How does it work?

Generic USB redirection works at a low level and redirects USB request and response messages between client machines and the XenDesktop virtual desktop.

It avoids the requirement for compatible device drivers on the client machine; the driver is expected to be supported on the virtual desktop only. USB redirection policy rules follow an order of precedence that allows client-side policies and default rules to be honored after DDC policy rules have been evaluated and enforced. This allows Citrix admins to prevent unauthorized or spoofed devices from being redirected inside a session.

Additionally, events logged for unauthorized devices attempting to access the remote session can be audited and flagged, and admins can take additional action to prevent data exfiltration.

When a user plugs in a USB device, the session host checks it against each policy rule consecutively until a match is found. The first match for any device is considered definitive.

  • If the first match is an Allow rule, the device is redirected to the virtual desktop.
  • If the first match is a Deny rule, the device is not redirected to the session and is only available for use on the local user device.

If no match is found, default rules are used.
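The first-match evaluation described above can be modelled in a few lines. This is an added example, not Citrix code: the rule syntax is a simplified stand-in assumed for illustration, the rules and device values are constructed, and the fail-closed result when nothing matches is an assumption. It also goes one step beyond the text by flagging rules that can never fire because an earlier, broader rule always matches first.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str   # "Allow" or "Deny"
    match: dict   # e.g. {"VID": "1A2B", "CLASS": "08"}; empty dict matches every device

def parse_rule(line):
    """Parse 'Allow: VID=1A2B PID=0001 # comment' (assumed, simplified syntax)."""
    body = line.split("#", 1)[0].strip()
    action, _, filters = body.partition(":")
    action = action.strip().capitalize()
    if action not in ("Allow", "Deny"):
        raise ValueError(f"unknown action in rule: {line!r}")
    match = {}
    for token in filters.split():
        key, sep, value = token.partition("=")
        if not sep or not value:
            raise ValueError(f"bad filter {token!r} in rule: {line!r}")
        match[key.upper()] = value.upper()
    return Rule(action, match)

def evaluate(device, policy_rules, default_rules):
    """Return (action, source, index) of the first matching rule; it is definitive."""
    dev = {k.upper(): v.upper() for k, v in device.items()}
    for source, rules in (("policy", policy_rules), ("default", default_rules)):
        for i, rule in enumerate(rules):
            if all(dev.get(k) == v for k, v in rule.match.items()):
                return rule.action, source, i
    return "Deny", "implicit", None  # assumption: fail closed when nothing matches

def shadowed(rules):
    """Indices of rules that never fire: an earlier rule's filters are a subset of theirs."""
    return [j for j, later in enumerate(rules)
            if any(e.match.items() <= later.match.items() for e in rules[:j])]

# Constructed sample rule sets (not taken from any real deployment).
POLICY = [parse_rule(r) for r in (
    "Allow: VID=1A2B PID=0001          # approved signature pad",
    "Deny: Class=08                    # mass storage",
    "Deny: VID=1A2B PID=0002 Class=08  # unreachable: shadowed by the rule above",
)]
DEFAULTS = [parse_rule(r) for r in ("Deny: Class=02", "Allow:")]

if __name__ == "__main__":
    for dev in ({"VID": "1a2b", "PID": "0001", "Class": "03"},
                {"VID": "FFFF", "PID": "0001", "Class": "08"}):
        print(dev, "->", evaluate(dev, POLICY, DEFAULTS))
    print("shadowed policy rules:", shadowed(POLICY))
```

Running the shadow check on a rule list before deploying it catches ordering mistakes, such as a specific Deny placed after a broad Allow, that would otherwise only surface when a device is unexpectedly redirected.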
