Home » HP Manuals » Desktops » HP ProLiant xw2x220c » Manual Viewer

HP ProLiant xw2x220c Remote Graphics Software 5.2.5 User Guide - Page 109

Remote USB Access Control List

View all HP ProLiant xw2x220c manuals

Add to My Manuals
Save this manual to your list of manuals

Page 109 highlights

6-3-4 Remote USB Access Control List RGS supports a per-Remote Computer access control list (ACL) file that specifies which USB devices are allowed to be remotely attached to the Remote Computer from a Local Computer, and which USB devices are denied attachment. The ACL file, which resides on the Remote Computer, supports allowing/denying USB device attachments based on the following nine USB descriptor fields: 1. Device Class 2. Device Subclass 3. Device Protocol 4. Vendor ID 5. Product ID 6. Device BCD 7. Manufacturer 8. Product Type 9. Serial Number USB device mounting can also be allowed/denied based on the following two parameters: 10. IP address of the Local Computer 11. The domain group of the local user The ACL file supports two rule types: "allow" and "deny". The rules are evaluated by the Remote Computer for each USB connection request from a Local Computer as follows: • If any rule indicates the USB connection should be denied, the connection is denied, regardless of any other rule. • If any rule indicates the USB connection should be allowed, and if there are no rules that deny the connection, the connection is allowed. • If no rules match at all, the connection is denied. Therefore, a deny rule takes precedence over an allow rule. The ACL file is implemented as an XML (Extensible Markup Language) file. The ACL schema file is located at: C:\Program Files\Hewlett-Packard\Remote Graphics Sender\hprUsbAcl.xsd For backwards compatibility, the following default ACL file(installed during Sender installation) allows all USB connections to be made: C:\Program Files\Hewlett-Packard\Remote Graphics Sender\hprDefaultUsbAcl.xml The names for these files can be changed using the properties described in Section 8-6-5, "USB access control list properties." The default ACL file contains the following contents, which allows all USB connections to be made: Allow all USB devices (HP default) The following example ACL file denies all remote USB attachment requests: Advanced capabilities 109

Section	Page
Introduction to HP Remote Graphics Software	11
Typical RGS configuration	12
RGS Sender and Receiver	13
RGS features	14
Additional RGS features	14
Tabloid-size page	15
Obtaining HP technical support	15
RGS overview	16
Supported computers and operating systems	17
RGS version numbering	18
RGS licensing	18
RGS products	19
Sender and Receiver interoperability	21
Application support	21
Networking support	21
Connection topologies	21
The Remote Computer frame buffer	21
One-to-one connection	22
Many-to-one connection	23
One-to-many connection	23
Establishing an RGS connection using Standard Login	24
Single Sign-on and Easy Login	25
RGS operating modes	26
Multi-monitor configurations	27
Remote Computer monitor blanking overview	28
Video overlay surfaces	28
Image quality	29
Remote USB overview	30
USB session switching	30
Isochronous USB support	30
Install-time configuration of remote USB	31
Unique smartcard handling	32
Computers supporting remote USB	34
Supported USB devices	34
Remote audio overview	34
Remote audio on Windows	35
Remote audio on Linux	36
Support of sound recording devices on Windows	37
Computers and operating systems which support RGS audio	38
Remote Clipboard overview	39
Interoperability of RGS and Microsoft Remote Desktop Connect	41
Using RGS with desktop virtualization	41
Remote Computer power saving states	42
Supported keyboard locales	42
RGS security features	43
Installing RGS	44
Installing RGS on Windows	44
Installing the Receiver on Windows	44
Manual installation of the Receiver on Windows	44
Automatic installation of the RGS Receiver on Windows	46
Receiver installation log file	47
Uninstalling the RGS Receiver on Windows	47
Installing the Sender on Windows	48
Manual installation of the Sender on Windows	48
Using the RGS Diagnostics Tool on Windows	50
Starting the Sender on Windows	51
The Sender GUI on Windows	52
Manually starting and stopping the Sender on Windows	52
Setting the Windows Sender process priority	53
Setting the Sender process priority using regedit	54
Setting the Sender process priority using PTF	55
Using the rgadmin tool	56
Installing and enabling Single Sign-on	58
1. Enabling Single Sign-on during installation	58
2. Using the rgadmin tool to enable Single Sign-on	59
3. Manually enabling Single Sign-on	59
Setting the local security policy	60
Disabling Single Sign-on	60
1. Using the rgadmin tool to disable Single Sign-on	60
2. Manually disabling Single Sign-on	60
Installing and Enabling Easy Login	61
1. Enabling Easy Login during installation	61
2. Using the rgadmin tool to enable Easy Login	61
3. Manually enabling Easy Login	61
Chaining custom GINA modules for Easy Login	62
1. Install time specification of the custom GINA module	62
2. Using the rgadmin tool to specify a custom GINA module	62
3. Manually enabling hprgina.dll to load a custom GINA modul	62
Setting the Local Security Policy	63
Disabling Easy Login	63
1. Using the rgadmin tool to disable Easy Login	63
2. Manually disabling Easy Login	63
Automatic installation of the RGS Sender on Windows	64
Sender installation log file on Windows	65
Uninstalling the RGS Sender on Windows	65
Installing RGS on Linux	66
Installing the Receiver on Linux	66
Uninstalling the Receiver on Linux	67
Installing audio on the Linux Receiver	67
Audio Requirements	67
System Preparation	67
Customized Audio Installation	67
Installing the Sender on Linux	69
Starting the Sender on Linux	71
Disabling the Sender GUI on Linux	72
Uninstalling the Sender on Linux	72
Pre-connection checklist	73
Local Computer (Receiver) checklist	73
Remote Computer (Sender) checklist	73
NIC binding on the Sender	75
Manual NIC reconfiguration	75
NIC reconfiguration using the NIC binding properties	77
Using RGS through a firewall	78
Using RGS	79
Using RGS in Normal Mode	79
Receiver Control Panel	81
Setup Mode	81
Remote Display Window Toolbar	84
Remote Computer monitor blanking operation	85
Linux connection considerations	86
Full-screen crosshair cursors	86
Gamma correction on the Receiver	86
Black or blank connection session with the Linux Sender	86
RGS login methods	87
Standard Login	87
Easy Login	89
Single Sign-on	90
Changing your password	91
Collaborating	92
Creating a collaboration session	92
Collaboration notification dialog	93
Advanced capabilities	95
General options	96
Remote audio operation	97
Configuring audio on the Sender	97
Calibrating audio on the Sender	100
Disabling audio on the Sender	102
Using audio	103
Potential audio issues	104
Remote USB operation	105
Attaching a local USB device to a Remote Computer	106
USB session switching	108
Supported remote USB devices	108
Remote USB Access Control List	109
Determining USB device information	111
Determining USB device information for Windows	111
Determining USB device information for Linux	111
Verifying the USB data	111
Troubleshooting remote USB	112
Computers supporting remote USB	112
Supported USB devices	112
Check USB cable connections	112
Reset the USB device	112
Enable Remote USB	113
HP Remote Virtual USB Driver	114
USB device drivers and program support	115
Network timeouts	116
Network timeouts	116
Receiver network timeouts	117
Sender network timeout	119
Network timeout issues	120
Dialog timeouts	121
Hotkeys	122
Changing the Setup Mode hotkey sequence	123
Remote Clipboard operation	124
Remote Clipboard data transfers	125
Remote Clipboard filtering	127
Using the RGS log to detect clipboard problems	128
Receiver and Sender logging	131
Receiver logging	131
Sender logging	132
Statistics	133
Using Directory Mode	134
Directory file format	134
Starting the Receiver in Directory Mode	135
RGS properties	136
Property syntax	136
Setting property values in a configuration file	136
Setting properties on the command line	137
Authenticator properties	137
RGS Receiver properties	138
Receiver property hierarchy	138
Properties set using the Receiver Control Panel	138
Receiver command line properties	138
rgreceiverconfig file properties	138
Archive file properties	138
Receiver default properties	138
Receiver property groups	139
Receiver general properties	142
Receiver browser properties	147
Receiver audio properties	148
Receiver microphone property	148
Receiver USB properties	148
Receiver network properties	149
Receiver hotkey properties	149
Receiver Remote Clipboard properties	150
Receiver logging properties	151
Receiver image codec properties	152
Windows placement and size properties	153
RGS Sender properties	154
Sender command line properties	154
rgsenderconfig file properties	154
Sender default properties	154
Sender property groups	154
Sender general properties	155
Sender microphone property	156
Sender network timeout properties	157
Sender USB access control list properties	157
Sender NIC binding properties	157
Sender clipboard property	158
Sender event logging on Windows	159
The HPRemote log	159
Usages of the HPRemote log	161
Additional information on event logging	162
Remote Application Termination	163
RGS connection and user status	163
HPRemote log format	163
Sample agent	165
Agent design issues	169
Desktop session logout	169
Selective environment shutdown	169
Wrapping applications of interest	169
Administrator alerts	170
Anticipating user disconnects and reconnects	170
General agent design guidelines	170
Additional safeguard features for Windows systems	170
RGS Sender Service Recovery Settings	170
Microsoft Remote Desktop Recovery	171
Optimizing RGS performance	172
Performance tuning for all platforms	172
Performance tuning for Windows	172
Troubleshooting graphics performance	172
Configuring your network for optimal performance	173
Troubleshooting RGS	174
Potential RGS issues and troubleshooting suggestions	174
RGS error messages	175
Receiver error messages	175
Appendix A: Using RGS with HP VDI	178
A-1 VMware ESX networking considerations	179
A-2 Using RGS with static HP VDI	179
A-2-1 Create a new virtual machine	179
A-2-2 Modify the VMware ESX configuration (.vmx file)	180
A-2-3 Installing the RGS Sender on the virtual machine	182
A-3 Using RGS with dynamic HP VDI (based on VMware View)	182
A-3-1 Create a new virtual machine	183
A-3-2 Install the RGS Sender on View Master/Parent VM and mo	183
A-3-3 Install View Agent on View Master/Parent VM	183
A-3-4 Install the RGS Receiver and View Client on the client	183
A-4 Running RGS diagnostics	184
A-5 Disabling the RGS warning popup	184
A-6 RGS operating modes available with VDI	184
A-7 Using HP Session Allocation Manager with HP VDI	184
Appendix B: USB devices supported by RGS	185

Match case Limit results 1 per page

Advanced capabilities 109

6-3-4 Remote USB Access Control List

RGS supports a per-Remote Computer access control list (ACL) file that specifies which USB devices are allowed to

be remotely attached to the Remote Computer from a Local Computer, and which USB devices are denied

attachment. The ACL file, which resides on the Remote Computer, supports allowing/denying USB device

attachments based on the following nine USB descriptor fields:

Device Class

Device Subclass

Device Protocol

Vendor ID

Product ID

Device BCD

Manufacturer

Product Type

Serial Number

USB device mounting can also be allowed/denied based on the following two parameters:

10.

IP address of the Local Computer

11.

The domain group of the local user

The ACL file supports two rule types: “

allow

” and “

deny

”. The rules are evaluated by the Remote Computer for

each USB connection request from a Local Computer as follows:

•

If any rule indicates the USB connection should be denied, the connection is denied, regardless of any other

rule.

•

If any rule indicates the USB connection should be allowed, and if there are no rules that deny the

connection, the connection is allowed.

•

If no rules match at all, the connection is denied.

Therefore, a deny rule takes precedence over an allow rule. The ACL file is implemented as an XML (Extensible

Markup Language) file. The ACL schema file is located at:

C:\Program Files\Hewlett-Packard\Remote Graphics Sender\hprUsbAcl.xsd

For backwards compatibility, the following default ACL file

(

installed during Sender installation) allows all USB

connections to be made:

C:\Program Files\Hewlett-Packard\Remote Graphics Sender\hprDefaultUsbAcl.xml

The names for these files can be changed using the properties described in Section 8-6-5, “

USB access control list

properties

.” The default ACL file contains the following contents, which allows all USB connections to be made:

<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>

<name>Allow all USB devices (HP default)</name>

</rule>

</ruleset>

</hprUsbAcl>

The following example ACL file denies all remote USB attachment requests:

</ruleset>

</hprUsbAcl>