Defining rules for using USB devices
USB rules allow you to restrict the use of USB mass storage devices to certain models, for example.
For the relevant OU or device, open Device configuration > Hardware > USB > Edit.
In the list-field, select a set of predefined rules as template.
- Double-click into the relevant line, or select a line and press F2.
Modify the rule by using the example rules below.
The values of the manufacturer ID (VID) and product ID (PID) can be found on the device in the Config panel under Peripherals > USB > Information):
Confirm with OK.
|Allow a specific USB mass storage device model only||ALLOW: VID=0781 PID=5151 # Allow a particular USB model (Example: SanDisk Cruzer Micro)
DENY: CLASS=08 # Deny all devices of the class MASS STORAGE DEVICES.
|Deny a specific smart card model only||DENY: VID=18a5 PID=0302 # Deny a particular smart card model (Example: Omnikey CardMan 3821)
ALLOW: CLASS=0B # Allow all devices of the class SMARTCARD
|Deny all printers, mass storage devices, smart card readers.||DENY: CLASS=07 # Deny all devices of the class PRINTERS
DENY: CLASS=08 # Deny all devices of the class MASS STORAGE DEVICES
DENY: CLASS=0B # Deny all devices of the class SMARTCARD
|Deny all devices||DENY: # Deny all devices.|
|Disable the microphone of a webcam||DENY: VID=045e PID=0810 CLASS=01 # Deny audio for the specified USB device|
The syntax of USB rules corresponds to the syntax of Citrix USB policy rules.
The USB rules affect all USB device classes including 03 HID (Human Interface Devices). If you deny the 03 HID class, the mouse and keyboard will be deactivated. If you deny all classes (DENY: # Deny all devices), also internal USB hubs and devices with manufacturer-specific device classes such as WLAN modules on the device will be affected. For specific hardware configurations, you might encounter issues during the boot process of the device. We strongly recommend performing tests before using this option.