Client drive redirection for group of users

Occasional Contributor

When we publish a WVD desktop to all users & need to have the client drive, clip board mapping disabled for all. But there will be a group of users who need access to client drive & clip board. 

We have Remote desktop session host policy to enable/disable redirection in Computer configuration (Machine policy), same is not available in User configuration. 

Same with registry "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services". 

What are the option available in WVD without having separate desktop with another set of VM only for client drive mapping to users?

3 Replies
One option you may try is to use the winstation permission setting for specific users. You can set it with RDS wmi provider Win32_TSAccount on TerminalName="rdp-sxs". You'll need to do this for each VM.
As local resource redirection uses virtual channel, you can allow/deny WINSTATION_VIRTUAL to control resource redirection.
Deny will take precedence over allow. it will work if you allow everyone for redirection during publishing, then use wmi to add user/user groups whom you want to deny redirection.
https://docs.microsoft.com/en-us/windows/win32/termserv/win32-tspermissionssetting
https://docs.microsoft.com/en-us/windows/win32/termserv/win32-tsaccount

@Soo Kuan Teo Thank you, I will configure and test this option and let you know how it goes. 

@Soo Kuan Teo , explored this option, its not feasible to apply this on each VM in large enterprise. 

Better option I'm expecting it as a feature for user policy which can be filtered for active directory groups. or may be in future via user Azure AD policy.