Manualshelf

HP Remote Graphics Software 6.0 User Guide

ManualsBrandsHP ManualsSoftwareHP V6 Remote Graphics Software Upgrade Multi-User License
81828384858687888990
Remote USB Access Control List
RGS supports a per-remote computer access control list (ACL) file that specifies which USB devices
are allowed to be remotely attached to the remote computer from a local computer, and which USB
devices are denied attachment. The ACL file, which resides on the remote computer, supports
allowing/denying USB device attachments based on the following nine USB descriptor fields:
1. Device Class
2. Device Subclass
3. Device Protocol
4. Vendor ID
5. Product ID
6. Device BCD
7. Manufacturer
8. Product Type
9. Serial Number
USB device mounting can also be allowed/denied based on the following two parameters:
1. IP address of the local computer
2. The domain group of the local user
The ACL file supports two rule types: “allow” and “deny”. The rules are evaluated by the remote
computer for each USB connection request from a local computer as follows:
If any rule indicates the USB connection should be denied, the connection is denied, regardless
of any other rule.
If any rule indicates the USB connection should be allowed, and if there are no rules that deny
the connection, the connection is allowed.
If no rules match at all, the connection is denied.
Therefore, a deny rule takes precedence over an allow rule. The ACL file is implemented as an XML
(Extensible Markup Language) file. The ACL schema file is located at:
C:\Program Files\Hewlett-Packard\Remote Graphics Sender\hprUsbAcl.xsd
For backwards compatibility, the following default ACL file(installed during Sender installation) allows
all USB connections to be made:
C:\Program Files\Hewlett-Packard\Remote Graphics Sender
\hprDefaultUsbAcl.xml
The names for these files can be changed using the properties described in
Sender USB access
control list properties on page 139. The default ACL file contains the following contents, which allows
all USB connections to be made:
<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?> <hprUsbAcl>
rule type="allow"> <name>Allow all USB devices (HP default)</name> </
rule> </ruleset> </hprUsbAcl>
The following example ACL file denies all Remote USB attachment requests:
<hprUsbAcl> <ruleset> <rule type="deny"/> </ruleset> </hprUsbAcl>
Remote USB 77