Forum Discussion
Client drive redirection for group of users
When we publish a WVD desktop to all users & need to have the client drive, clip board mapping disabled for all. But there will be a group of users who need access to client drive & clip board. We ...
Soo Kuan Teo
Microsoft
MicrosoftOne option you may try is to use the winstation permission setting for specific users. You can set it with RDS wmi provider Win32_TSAccount on TerminalName="rdp-sxs". You'll need to do this for each VM.
As local resource redirection uses virtual channel, you can allow/deny WINSTATION_VIRTUAL to control resource redirection.
Deny will take precedence over allow. it will work if you allow everyone for redirection during publishing, then use wmi to add user/user groups whom you want to deny redirection.
https://docs.microsoft.com/en-us/windows/win32/termserv/win32-tspermissionssetting
https://docs.microsoft.com/en-us/windows/win32/termserv/win32-tsaccount
As local resource redirection uses virtual channel, you can allow/deny WINSTATION_VIRTUAL to control resource redirection.
Deny will take precedence over allow. it will work if you allow everyone for redirection during publishing, then use wmi to add user/user groups whom you want to deny redirection.
https://docs.microsoft.com/en-us/windows/win32/termserv/win32-tspermissionssetting
https://docs.microsoft.com/en-us/windows/win32/termserv/win32-tsaccount
Soo Kuan Teo , explored this option, its not feasible to apply this on each VM in large enterprise.
Better option I'm expecting it as a feature for user policy which can be filtered for active directory groups. or may be in future via user Azure AD policy.
