VMWare Horizon View Client: Disable Client Drive Redirection

TL;DR:

[HKEY_LOCAL_MACHINE\Software\Policies\VMware, Inc.\VMware VDM\Client]
“DisableSharing”=”true”

VMWare has been tinkering with the name, version, function and anything other they can come up with for a while now. For example, we’ve upgraded the VMWare View Client version 5.x to VMWare Horizon Client 4.3.0 recently, i think. I get that the name “view” is disappearing from the product, but why they are **** around with versionnumbers is beyond me.

Anyway, since VMWare Horizon View 6.x the function “Client Drive Redirection” has been added, which lets you redirect local client drives and folders to your View/Horizon/whatever session. This function, frankly, is useless and I don’t want it. We use a UPM tool (RES) to map networkdrives and have USB redirection enabled. Client Drive Redirection only presents a security risk, as it seems to ignore drive restriction policies. For example, by default, the View client on our thin clients shows the “share drive” option, giving the user access to the local drive of the thinclient that they are using. They can’t do real damage because of the write-filter ofcourse, but I just dont want it.

Since the 4.x clients for VMWare Horizon. (which has VMWare-view.exe as executable.. thanks VMWare), it seems that we’ve lost all control of which components we can install: Client Drive Redirection becomes mandatory.

Searching the net, i’ve found the following registry setting: HKLM\Software\VMware, Inc.\VMware TSDR\disabled=true

Unfortunately, this seems to be an agent setting, which doesn’t remove the sharing option from the client itself.

Fortunatly, since client version 4.3.0, the people at VMWare have seen fit to supply us with an option to disable the whole option. See table 3-7 of “Using VMware Horizon Client for Windows Horizon Client 4.3”

If you open the PDF, you will find the mention of “Disable sharing files and folders” in table 3-7, and also see that this is a “User Configuration setting”.

Well, **** VMWare.

First of all, i’m configuring thin clients, which won’t be member of our Active Directory domain, so AD GPO’s are out.
Local Group policy would work, but cannot be configured programmatically, from for example, a SCCM or MDT task sequence.

As a test i’ve enabled the policy on a testing system, and found that the following registry keys and values had been created:

[HKEY_CURRENT_USER\Software\Policies\VMware, Inc.\VMware VDM\Client]
“DisableSharing”=”true”

Because i’m stubborn, i tried creating the same keys and values on a system that doesn’t have the ADM-templates loaded, and also, changed HKCU to HKLM, and what do you know: IT WORKS.

So, if you are like me and only need a simple registry setting for the local machine, put the following in your installscript, and go enjoy the weekend:

[HKEY_LOCAL_MACHINE\Software\Policies\VMware, Inc.\VMware VDM\Client]
“DisableSharing”=”true”

2 Responses

  1. Hi Yannick.!

    Great efforts and most appreciated is that you are sharing your work and learning.

    I was able to disable local drive redirection however see that it also eventually blocks access to USB drives too.

    Can you please suggest how can we achieve this without disabling the USB Drive redirection.!

    1. Hi Syed,

      Glad to help! In our scenario USB redirection continued to work after enabling this setting. Keep in mind that you will need to enable the USB drive during an active session by selecting it from the top bar. You can also configure it to automatically connect the device.

      Difference is that the disabled option will disable redirection of a drive from the client to the horizon session. You need to ‘connect’ the whole usb device to the horizon session in stead, via usb device redirection.

Leave a Reply