This content has been marked as final. Show 2 replies
If your sending your devices via -r usb:on, then I would implement some policy on the windows device, that's how we do it (no allowed devices just can't install their device). For WTS 2008 R2 we don't use -r usb:on, so I'm currently looking into ways in the script utdevadm to do something like a filter. Much nicer would be, Oracle would deliver some filter as they do in Virtual Box for srss 5.3 ?.
Yeah, stopping it at the Windows server (a citrix box in this case) is our fallback plan. I was just hoping to stop it one rung closer to the user. We are a high security sort of place so the less things work the better! Right now I'm poking into Linux modules to see if I can strip out most of the usb_storage drivers. We'll see how that goes.