Advanced Device Redirection (in AVD, W365, and RDS) 

Microsoft RemoteFX and was introduced in Windows Server 2008 R2 and provided advanced device redirection capabilities for RDS, but many administrators are completely unaware of this capability.

There is confusion about RemoteFX… the GPU enablement with Hyper-V was disabled a while back, but that’s just a small piece of what RemoteFX is used for… it also enables USB redirection… which (for a lot of less common device types) is disabled by default!

With RemoteFX advanced redirection enabled, nearly any USB device can be accessed via the RDP protocol including document scanners, finger print readers, bar code scanners, 3D mice – lots of crazy stuff that would otherwise not work without pre-registering the device USB ID (that’s another post!).

The purpose of this post is to summarize the steps I use to enable advanced device redirection (RemoteFX USB redirection) with AVD, Cloud PC, and Remote Desktop Services (RDS). 

It’s worth mentioning that this solution only works with Windows clients  (Mstsc.exe, Remote Desktop, Windows App – Preview, Azure Virtual Desktop Client – beta).   

What Do You Need?

To enable RemoteFX usb redirection two components are required:

  • A client side GPO or Policy  
  • A Server side GPO or policy 

 Client Side Settings
(your Windows remote PC… not your VDI VM): 

Launch gpedit.msc (local policy editor) and navigate to

Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Connection Client\RemoteFX USB Redirection

Note: You want Administrators and Users… the default is Administrators only. 

I haven’t yet worked out the PowerShell (rather than use GPEdit) to update the client device – still need to do a little more digging here, but the policy above works well (could do with an AD GPO),
just remember to GPupdate / Force and reboot the client.

Server Side Settings
(Policy updates for the AVD/W365/RDS VMs)

Again Launch gpedit.msc (local policy editor) and navigate to:
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Services Session Host\Device and Resource Redirection 

Now go to:

Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Services Session Host\Remote Session Environment\RemoteFX for Windows Server 2008 R2 

If you want to just run PowerShell (rather than use GPEdit) here’s some sample code to update the registry on the AVD / W365 / RDS VM or host:

# Remote Desktop "Server" (the VM being accessed - could be Windows Client OS!)
$RegistryPath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services"
Set-ItemProperty -Path $RegistryPath -Name "fEnableVirtualizedGraphics" -Value 1 -Type DWord
Set-ItemProperty -Path $RegistryPath -Name "fDisablePNPRedir" -Value 0 -Type DWord

#might not need the GPUpdate if you reboot?
GPUpdate /force

#Always love to Force the restart!
Restart-Computer -Force

Testing

Note: You must run gpupdate.exe /force on both the client and host VM(s) and reboot (those are included in the code samples!). 

Once all of that is done, you should see a little something new up at the top of your RDS session:

If everything if configured properly, you will see a computer icon (looks like a printer 😊) in the top status bar (full screen).  Clicking on the icon you will see a list of devices that are available for redirection. 

Select your preferred devices and press OK.   It will take several seconds for the devices to be presented in the target VM device list. 

Note: Sessions cannot share local devices simultaneously.  They can either be mapped locally or into the VM.  As such multiple connections with redirection are not recommended and could yield mixed results.  

You may need to load drivers in your session host VMs for devices that are not “plug and play”, and your mileage may vary as to the value of enabling redirection (redirected devices may use significant bandwidth!).

-John

Leave a Reply

Your email address will not be published. Required fields are marked *