RDP Passthrough for Dongles and BYOD USB Devices
If you wish to unlock X-Ways Forensics remotely when your dongle or BYOD USB device is plugged in locally, that can work using RDP after following a few steps:

Firstly, on the remote machine:

1. In Edit Group Policy: Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Device and Resource Redirection > Do not allow supported Plug and Play device redirection | Disabled. This typical Windows “double-negative” allows redirected devices to be detected on your remote PC.
2. Run gpupdate /force, then restart the remote machine.

Secondly, on the local machine:

1. In Edit Group Policy: Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Connection Client > RemoteFX USB Device Redirection | Enable “Allow RDP redirection of other supported RemoteFX USB devices from this computer” (Administrators and Users).
2. In Device Manager, copy the hardware ID (e.g. USB\VID_0951&PID_1666&REV_0100) from the Properties | Details tab of the USB device that has been assigned the X-Ways Forensics licence.
3. In Edit Group Policy: Computer Configuration > Administrative Templates > System > Device Installation > Device Installation Restrictions > Prevent installation of devices that match any of these device IDs | Click Show... then paste the hardware ID into the top field. Check “Also apply to matching devices that are already installed”. Click Apply. This will uninstall the USB device and notify you that this device will not be installed. The USB device will be listed in Device Manager as “Other Device” with its friendly name. If this does not happen, uninstall the USB device in Device Manager and repeat this step.
4. Before connecting to the remote machine via RDP, click the Show Options button if necessary, and in the Local Resources tab click More > Other Supported RemoteFX USB Devices | Check the friendly name of the USB device, either “USB Input Device (HID-compliant vendor-defined device)” for a dongle or something like “Data Traveler” for a BYOD USB device. You may need to reboot your machine to have that option.

If you have connected a BYOD USB device, after a short delay, Windows Explorer in the RDP connected machine will open with that USB device. XWF will then recognize it as a “physical” device when it is next started. This method allows X-Ways Forensics to work with standard user permissions on the remote machine. X-Ways Forensics currently does not support running as an administrator with a remote BYOD USB device.

Further information on RemoteFX USB Redirection can be found here (although meant for Microsoft Azure, it works for LAN devices too).
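
To confirm that the policies from the steps above have actually been applied before troubleshooting the RDP connection itself, a read-only check such as the following can be run on each machine. This is an added example, not part of the original instructions or of X-Ways; the registry locations and value names are assumptions based on how these Group Policy settings are normally stored, and the hardware ID is the sample one from step 2.

```powershell
# Added example: read-only check of the policies set in the steps above.
# Registry paths/value names are assumptions (usual backing store of these policies).
param(
    [ValidateSet('Remote', 'Local')] [string]$Role = 'Local',
    # Sample hardware ID from step 2; replace with the ID of your own device.
    [string]$HardwareId = 'USB\VID_0951&PID_1666&REV_0100'
)

function Get-PolicyValue([string]$Path, [string]$Name) {
    # Returns $null when the key or value is absent (policy "Not Configured").
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

$ts = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$results = @()

if ($Role -eq 'Remote') {
    # "Do not allow supported Plug and Play device redirection" = Disabled -> 0
    $v = Get-PolicyValue $ts 'fDisablePNPRedir'
    $results += [pscustomobject]@{ Check = 'PnP redirection allowed'; Value = $v; Ok = ($v -eq 0) }
}
else {
    # RemoteFX USB redirection: 2 = Administrators and Users, 1 = Administrators only
    $v = Get-PolicyValue "$ts\Client" 'fUsbRedirectionEnableMode'
    $results += [pscustomobject]@{ Check = 'RemoteFX USB redirection (Admins and Users)'; Value = $v; Ok = ($v -eq 2) }

    $restr = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions'
    $deny  = Get-PolicyValue $restr 'DenyDeviceIDs'
    $retro = Get-PolicyValue $restr 'DenyDeviceIDsRetroactive'
    # The listed IDs are stored as numbered string values under the DenyDeviceIDs subkey.
    $key = Get-Item "$restr\DenyDeviceIDs" -ErrorAction SilentlyContinue
    $ids = if ($key) { $key.GetValueNames() | ForEach-Object { $key.GetValue($_) } } else { @() }

    $results += [pscustomobject]@{ Check = 'Device ID restriction enabled'; Value = $deny; Ok = ($deny -eq 1) }
    $results += [pscustomobject]@{ Check = 'Applies to already installed devices'; Value = $retro; Ok = ($retro -eq 1) }
    $results += [pscustomobject]@{ Check = "Hardware ID listed: $HardwareId"; Value = ($ids -join '; '); Ok = ($ids -contains $HardwareId) }
}

$results | Format-Table -AutoSize
# A non-zero exit code lets the check be used from a deployment or audit script.
if ($results.Ok -contains $false) { exit 1 }
```

Run it from an elevated PowerShell prompt with -Role Remote on the RDP host and -Role Local on the machine holding the dongle; an empty Value column means the policy is still "Not Configured".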