dlwyatt
commented
5 years ago Beats me. Maybe by reverse engineering the group policy CSE that controls that setting. Remember, the policy file editor is really just meant for setting things that are found under “Administrative Templates”. Anything else is going to be a rabbit hole.
On May 16, 2019, at 2:12 PM, chrisdavis925 notifications@github.com wrote:
Hello,
Thanks for your wonderful module!!
I have noticed a problem when attempting to enable the USB RemoteFX USB Redirection feature when using your policy. What I have found is that the PolicyFileEditor module does correctly set configuration in the GUI if the GPEDIT.msc console, and it does appear to create the registry key, but yet whatever other back end "magic" that happens when you manually enable the feature in the GUI is not happening when using PolicyFileEditor module.
Here is an example. Run the following command: set-PolicyFileEntry -path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key 'SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client' -ValueName "fUsbRedirectionEnableMode" -Data '2' -Type DWord
When you check the GPEDIT.msc configuration under Computer Configuration\Windows Components\ Remote Desktop Services \ Remote Desktop Client Connection \ RemoteFX USB Device Redirection\Allow RDP Derection of other supported RemoteFX USB devices from this computer you will see that it is correctly set to "Enabled" for "Administrators and Users".
However, it doesn't actually work. You can know this by opening the Device Manager and selecting your USB Host Controller (Example: Intel USB Host Controller) and clicking the Driver Tab, and selecting "Driver Details". When the RemoteFX USB Redirection feature correctly enables, you will see C:|WINDOWS\system32\drivers\tsusbflt.sys listed as one of the driver files.
To demonstrate how it should work, you can manually open GPEDIT.msc and go to the configuration listed above and "disable" or "not configure" it. Click Apply. Then, select "Enabled" for "Users and Administrators". Click Apply. Now check your driver files and you will see that the tsusbflt.sys driver file is immediately added - even without a reboot or GPUPDATE.
I guess my question is - how can someone figure out what other "magic" is happening behind the scenes other than the registry key that gets set (which doesn't appear to paint the whole picture)?
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.
chrisdavis925
Hello,
Thanks for your wonderful module!!
I have noticed a problem when attempting to enable the USB RemoteFX USB Redirection feature when using your policy. What I have found is that the PolicyFileEditor module does correctly set configuration in the GUI if the GPEDIT.msc console, and it does appear to create the registry key, but yet whatever other back end "magic" that happens when you manually enable the feature in the GUI is not happening when using PolicyFileEditor module.
Here is an example. Run the following command:
set-PolicyFileEntry -path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key 'SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client' -ValueName "fUsbRedirectionEnableMode" -Data '2' -Type DWordWhen you check the GPEDIT.msc configuration under
Computer Configuration\Windows Components\ Remote Desktop Services \ Remote Desktop Client Connection \ RemoteFX USB Device Redirection\Allow RDP Derection of other supported RemoteFX USB devices from this computeryou will see that it is correctly set to "Enabled" for "Administrators and Users".However, it doesn't actually work. You can know this by opening the Device Manager and selecting your USB Host Controller (Example: Intel USB Host Controller) and clicking the Driver Tab, and selecting "Driver Details". When the RemoteFX USB Redirection feature correctly enables, you will see C:|WINDOWS\system32\drivers\tsusbflt.sys listed as one of the driver files.
To demonstrate how it should work, you can manually open GPEDIT.msc and go to the configuration listed above and "disable" or "not configure" it. Click Apply. Then, select "Enabled" for "Users and Administrators". Click Apply. Now check your driver files and you will see that the tsusbflt.sys driver file is immediately added - even without a reboot or GPUPDATE.
I guess my question is - how can someone figure out what other "magic" is happening behind the scenes other than the registry key that gets set (which doesn't appear to paint the whole picture)?