Abstract: Identical USB devices can be differentiated and managed. During enumeration, a filter driver can be loaded on the device stack of any USB device to enable it to selectively allow or block the particular USB device based on a unique identifier of the USB device. The filter driver can obtain this unique identifier of the particular USB device and compare it to an applicable policy to determine whether the particular USB device is allowed. If the policy indicates that a USB device having the unique identifier should be blocked, the filter driver can stop the enumeration process so that the USB device cannot be accessed.

Abstract: Identical USB devices can be differentiated and managed. During enumeration, a filter driver can be loaded on the device stack of any USB device to enable it to selectively allow or block the particular USB device based on a unique identifier of the USB device. The filter driver can obtain this unique identifier of the particular USB device and compare it to an applicable policy to determine whether the particular USB device is allowed. If the policy indicates that a USB device having the unique identifier should be blocked, the filter driver can stop the enumeration process so that the USB device cannot be accessed.

Abstract: Source devices can be secured using a display device filter. When a display device is connected to a source device, a display device filter can identify the display device and determine whether it is a trusted display device. If the display device filter determines that the display device is not trusted, it can take a number of actions to minimize the likelihood of harm to the source device. These actions may include preventing the source device from booting, shutting down the source device, locking the source device, blocking access to other devices, and/or notifying an administrator. In this way, a malicious user can be prevented from gaining access to the source device.

Abstract: Multilevel redirection can be performed in a VDI environment. When a user establishes a second remote session within a first remote session, various redirection techniques can be configured to span both remote sessions so that redirection will be available within the second remote session in the same manner that redirection was available in the first remote session. Therefore, from the user perspective, redirection will occur regardless of whether the user has established a single tier remote session or multitier remote session.

Abstract: Source devices can be secured using a display device filter. When a display device is connected to a source device, a display device filter can identify the display device and determine whether it is a trusted display device. If the display device filter determines that the display device is not trusted, it can take a number of actions to minimize the likelihood of harm to the source device. These actions may include preventing the source device from booting, shutting down the source device, locking the source device, blocking access to other devices, and/or notifying an administrator. In this way, a malicious user can be prevented from gaining access to the source device.

Abstract: Multilevel redirection can be performed in a VDI environment. When a user establishes a second remote session within a first remote session, various redirection techniques can be configured to span both remote sessions so that redirection will be available within the second remote session in the same manner that redirection was available in the first remote session. Therefore, from the user perspective, redirection will occur regardless of whether the user has established a single tier remote session or multitier remote session.