Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 14435
  • Last Modified:

Enabling Redirection of Pnp Devices on Windows 2008

When I connect each day from my XP workstation to our Windows 2008 servers via Terminal Services, I generate an Event ID 36 telling me that "Redirection of additional supported devices is disabled by policy."  Description of how to address this warning (which can simply be ignored) is at:

http://technet.microsoft.com/en-us/library/cc775202.aspx

That said, since I hate ignoring warnings even when they are innocuous:

- What PnP device does the server think I am trying to redirect?  In the remote desktop connection settings, the only item checked under "Local devices and resources" is Clipboard (I've gone into "More" and made sure everything is unchecked including Smart Cards).  I've also got nothing hooked up to my mobo other than a graphics card, mouse, & keyboard.

- Is there a security risk or other issue with enabling the redirection of Pnp devices as the article outlines?

Thanks!
0
pcamis
Asked:
pcamis
  • 3
  • 2
2 Solutions
 
PCBONEZCommented:
From your link read this part:
>>>>
When a user establishes a remote session with a Windows Server 2008 terminal server, the supported Plug and Play device attached to the user's local computer can be redirected and made available to the user in the remote session.
<<<<

What that's saying is the problem device in not in the Server but in the user's local computer (the client PC).
The PnP info for some device in the client PC is being sent to the server and then being redirected back to the client PC [but now 'inside' the remote session] so that device can be used locally while the user is in the session with the server.

0
 
pcamisAuthor Commented:
Thanks pcbonez - I'm with you about the warning coming up because of PnP devices on the client PC.  Not sure what was being registered because the PC was barebones - nothing connected to the motherboard other than a basic graphics card, USB keyboard, and USB mouse.

Aside from that, and perhaps more importantly, do you know if I would be creating a security vulnerability by enabling client PC PnP devices to redirect to the host server?
0
 
PCBONEZCommented:
The USB driver may be being seen as an 'attached' PnP device as things like thumb drives, networking gear, modems, ect can be connected there.
[Just a wild guess mind you.]

Seems to me that if the person at that terminal isn't a risk then you won't have one.

All it really does is enable devices at the terminal so they can be used.
If you don't want those devices enabled then disable them locally (at the terminal) in other ways such as disconnecting, removing, turning them off in the BIOS.....
-
If the device doesn't work anyway it doesn't matter if the server redirects drivers and you can turn the pesky warning off by letting it do so.



0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
pcamisAuthor Commented:
Thanks pcbonez... I'm decided to try enabling PnP device pass-through on a test server.   The odd thing is that none of the restrictions listed in the link I originally posted are enabled (i.e. PnP devices should be enabled according to the TechNet article).

Has anybody else encountered this warning message on a Windows 2008 server and been able to resolve it?
0
 
pcamisAuthor Commented:
I think I've resolved the issue (I haven't seen an event id 36 in a while, so I'm presuming so).  From the instructions in the article I originally posted (http://technet.microsoft.com/en-us/library/cc775202.aspx), instead of leaving the box unchecked like the article instructs, I added a check next to the Terminal Services Configuration to disable the redirection of "Supported Plug and Play Devices".  Since I've checked the box, I no longer get the events.  Looks to me as though the article has things a bit backwards.
0
 
TheBigDogCommented:
That didn't work for me, however, changing the "Allow RDP redirection of other supported RemoteFX USB Devices from this computer" to enabled in group policy seemed to do the trick. (Computer Config-Administrative Templates-Windows Components-Remote Desktop Services-RemoteFX USB Device Redirection)
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now