Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Enabling Redirection of Pnp Devices on Windows 2008

Posted on 2009-03-31
8
Medium Priority
?
14,196 Views
Last Modified: 2013-11-21
When I connect each day from my XP workstation to our Windows 2008 servers via Terminal Services, I generate an Event ID 36 telling me that "Redirection of additional supported devices is disabled by policy."  Description of how to address this warning (which can simply be ignored) is at:

http://technet.microsoft.com/en-us/library/cc775202.aspx

That said, since I hate ignoring warnings even when they are innocuous:

- What PnP device does the server think I am trying to redirect?  In the remote desktop connection settings, the only item checked under "Local devices and resources" is Clipboard (I've gone into "More" and made sure everything is unchecked including Smart Cards).  I've also got nothing hooked up to my mobo other than a graphics card, mouse, & keyboard.

- Is there a security risk or other issue with enabling the redirection of Pnp devices as the article outlines?

Thanks!
0
Comment
Question by:pcamis
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
8 Comments
 
LVL 26

Expert Comment

by:PCBONEZ
ID: 24065274
From your link read this part:
>>>>
When a user establishes a remote session with a Windows Server 2008 terminal server, the supported Plug and Play device attached to the user's local computer can be redirected and made available to the user in the remote session.
<<<<

What that's saying is the problem device in not in the Server but in the user's local computer (the client PC).
The PnP info for some device in the client PC is being sent to the server and then being redirected back to the client PC [but now 'inside' the remote session] so that device can be used locally while the user is in the session with the server.

0
 

Author Comment

by:pcamis
ID: 24068440
Thanks pcbonez - I'm with you about the warning coming up because of PnP devices on the client PC.  Not sure what was being registered because the PC was barebones - nothing connected to the motherboard other than a basic graphics card, USB keyboard, and USB mouse.

Aside from that, and perhaps more importantly, do you know if I would be creating a security vulnerability by enabling client PC PnP devices to redirect to the host server?
0
 
LVL 26

Assisted Solution

by:PCBONEZ
PCBONEZ earned 500 total points
ID: 24069753
The USB driver may be being seen as an 'attached' PnP device as things like thumb drives, networking gear, modems, ect can be connected there.
[Just a wild guess mind you.]

Seems to me that if the person at that terminal isn't a risk then you won't have one.

All it really does is enable devices at the terminal so they can be used.
If you don't want those devices enabled then disable them locally (at the terminal) in other ways such as disconnecting, removing, turning them off in the BIOS.....
-
If the device doesn't work anyway it doesn't matter if the server redirects drivers and you can turn the pesky warning off by letting it do so.



0
Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

 

Author Comment

by:pcamis
ID: 24078942
Thanks pcbonez... I'm decided to try enabling PnP device pass-through on a test server.   The odd thing is that none of the restrictions listed in the link I originally posted are enabled (i.e. PnP devices should be enabled according to the TechNet article).

Has anybody else encountered this warning message on a Windows 2008 server and been able to resolve it?
0
 

Accepted Solution

by:
pcamis earned 0 total points
ID: 24130747
I think I've resolved the issue (I haven't seen an event id 36 in a while, so I'm presuming so).  From the instructions in the article I originally posted (http://technet.microsoft.com/en-us/library/cc775202.aspx), instead of leaving the box unchecked like the article instructs, I added a check next to the Terminal Services Configuration to disable the redirection of "Supported Plug and Play Devices".  Since I've checked the box, I no longer get the events.  Looks to me as though the article has things a bit backwards.
0
 

Expert Comment

by:TheBigDog
ID: 35479158
That didn't work for me, however, changing the "Allow RDP redirection of other supported RemoteFX USB Devices from this computer" to enabled in group policy seemed to do the trick. (Computer Config-Administrative Templates-Windows Components-Remote Desktop Services-RemoteFX USB Device Redirection)
0

Featured Post

Meet the Family that is Made for Collaboration

The TeamConnect Family product group as part of the Sennheiser for Business Portfolio comprising high-quality, technically well-conceived meeting solutions for business communication – designed for any meeting room and any meeting situation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article outlines why you need to choose a backup solution that protects your entire environment – including your VMware ESXi and Microsoft Hyper-V virtualization hosts – not just your virtual machines.
Arrow Electronics was searching for a KVM  (Keyboard/Video/Mouse) switch that could display on one single monitor the current status of all units being tested on the rack.
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
Suggested Courses

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question