USB devices policy settings
The USB devices section contains policy settings for managing file redirection for USB devices.
Client USB device optimization rules
Client USB device optimization rules can be applied to devices to disable optimization, or to change the optimization mode.
When a user plugs in a USB input device, the host checks if the device is allowed by the USB policy settings. If the device is allowed, the host then checks the Client USB device optimization rules for the device. If no rule is specified, then the device is not optimized. Capture mode (04) is the recommended mode for signature devices. For other devices which have degraded performance over higher latency, administrators can enable Interactive mode (02) . See descriptions below for available modes.
Good to know
- For the use of Wacom signature pads and tablets, Citrix recommends that you disable the screen saver. Steps on how to do this are at the end of this section.
- Support for the optimization of Wacom STU signature pads and tablets series of products has been preconfigured in the installation of XenApp and XenDesktop policies.
- Signature devices work across XenApp and XenDesktop and do not require a driver to be used as a signature device. Wacom has additional software that can be installed to customize the device further. See https://www.wacom.com/.
- Drawing tablets. Certain drawing input devices may present as an HID device on PCI/ACPI buses and are not supported. These devices should be attached on a USB host controller on the client to be redirected inside a XenDesktop session.
Policy rules take the format of tag=value expressions separated by whitespace. The following tags are supported:
| Tag Name | Description |
|---|---|
| Mode | The optimization mode is supported for input devices for class=03. Supported modes are: No optimization - value 01. Interactive mode - value 02. Recommended for devices such as pen tablets and 3D Pro mice. Capture mode - value 04. Preferred for devices such as signature pads. |
| VID | Vendor ID from the device descriptor, as a four digit hexadecimal number. |
| PID | Product ID from the device descriptor, as a four digit hexadecimal number. |
| REV | Revision ID from the device descriptor, as a four digit hexadecimal number. |
| Class | Class from either the device descriptor or an interface descriptor. |
| SubClass | Subclass from either the device descriptor or an interface descriptor. |
| Prot | Protocol from either the device descriptor or an interface descriptor. |
Examples
Mode=00000004 VID=067B PID=1230 class=03 #Input device operating in capture mode
Mode=00000002 VID=067B PID=1230 class=03 #Input device operating in interactive mode (default)
Mode=00000001 VID=067B PID=1230 class=03 #Input device operating without any optimization
Mode=00000100 VID=067B PID=1230 # Device setup optimization disabled (default)
Mode=00000200 VID=067B PID=1230 # Device setup optimization enabled
Disabling the screen saver for Wacom signature pad devices
For the use of Wacom signature pads and tablets, Citrix recommends that you disable the screen saver as follows:
- Install the Wacom-STU-Driver after redirecting the device.
- Install Wacom-STU-Display MSI to gain access to the signature pad control panel.
- Go to Control Panel > Wacom STU Display > STU430 or STU530, and select the tab for your model.
- Click Change, then select Yes when the UAC security window pops up.
- Select Disable slideshow, then Apply.
After the setting is set for one signature pad model, it is applied to all models.
Client USB device redirection
This setting allows or prevents redirection of USB devices to and from the user device.
By default, USB devices are not redirected.
Client USB device redirection rules
This setting specifies redirection rules for USB devices.
By default, no rules are specified.
When a user plugs in a USB device, the host device checks it against each policy rule in turn until a match is found. The first match for any device is considered definitive. If the first match is an Allow rule, the device is remoted to the virtual desktop. If the first match is a Deny rule, the device is available only to the local desktop. If no match is found, default rules are used.
Policy rules take the format {Allow:|Deny:} followed by a set of tag= value expressions separated by whitespace. The following tags are supported:
| Tag Name | Description |
|---|---|
| VID | Vendor ID from the device descriptor, as a four digit hexadecimal number. |
| PID | Product ID from the device descriptor, as a four digit hexadecimal number. |
| REL | Release ID from the device descriptor, as a four digit hexadecimal number. |
| Class | Class from either the device descriptor or an interface descriptor. |
| SubClass | Subclass from either the device descriptor or an interface descriptor. |
| Prot | Protocol from either the device descriptor or an interface descriptor. |
When creating new policy rules, remember:
- Rules are case-insensitive.
- Rules may have an optional comment at the end, introduced by #.
- Blank and pure comment lines are ignored.
- Tags must use the matching operator = (for example, VID=067B_.
- Each rule must start on a new line or form part of a semicolon-separated list.
- Refer to the USB class codes available from the USB Implementers Forum, Inc. web site.
Examples of administrator-defined USB policy rules:
- Allow: VID=067B PID=0007 # ANOther Industries, ANOther Flash Drive
- Deny: Class=08 subclass=05 # Mass Storage
- To create a rule that denies all USB devices, use “DENY:” with no other tags.
Client USB plug and play device redirection
This setting allows or prevents plug-and-play devices such as cameras or point-of-sale (POS) devices to be used in a client session.
By default, plug-and-play device redirection is allowed. When set to Allowed, all plug-and-play devices for a specific user or group are redirected. When set to Prohibited, no devices are redirected.