Connecting a USB device to a shared remote computer comes with the additional risk of possibly exposing sensitive data on the device to unauthorized users.
It doesn’t matter what kind of device you have connected to your shared computer - whether it’s a USB flash drive, audio card or 3D mouse, it is possible to isolate the device using USB Network Gate. You can choose to allow access by sessions or specifying a Microsoft User Account locally or on the domain.
If you wish to make use of the device isolation tools, make sure that the “Device Isolation Components” checkbox is selected in the Setup USB over Ethernet screen when installing the software. This must take place on the USB Network Gate Client – i.e. the machine that is remotely connected to the USB device.
The server is the machine with the USB device physically connected to it. There is no need to install Device Isolation Components when setting up the USB Network Gate Server.
The USB Network Gate Device Isolation Components is made up of these files:
- Device isolation driver (sessapart.sys) and;
- Dynamic link libraries (sesapart32.dll and sessapart64.dll)
To isolate your USB device by session, follow these steps:
- Download and install USB Network Gate on your server machine. This is the machine that will have the physical device attached to it.
- Once installed, run the program and select the “Local USB devices” tab.
- Locate the device from the list of devices shown on the screen and click on the “Share” option next to the name of the device.
- The selected device is now shared on the USB Network Gate Server and you can proceed to set up the client machine(s). Install the software on the client as per Step One.
Remember to check the USB Network Gate “Device Isolation Components” in the setup screen.
- Select the “Remote USB device” tab and locate the device from the list.
- Click on the dropdown list and choose the “Connect for this session” option. Alternatively you can locate the “Connect Devices” from the menu bar and select the “Connect for this session” option from there.
Note that there is an “Enable RDP autoconnect” checkbox. Enabling that does not work when you are isolating by session. The name of the session that is granted access to the connected device will be displayed next to the device.
When the session is closed, the device will be disconnected from the client computer automatically.
With a per session isolation – even if a user has multiple sessions open, they will not be able to access the device from any other session other than the authorized one.
Per-user USB device isolation
The alternative to allowing access to a session is to grant access to a user account. To do this follow the same steps as above for isolation by session but select the “Connect for this user” option.
Again, this can be done from the drop down next to the name of the device or from the “Connect devices” menu option from the menu bar.
When the device is connected, the name of the user account that is authorized to access the device will be displayed on the screen next to the device name.
When setting up the client machines, if you forgot to check the “USB Network Gate Device Isolation Components” – you will receive a system prompt advising you that can not set up the device isolation and you will have the option to install the required components at this point.
The type of USB device that can be isolated using USB Network Gate is not limited to typical peripherals like a mouse or keyboard. Scanners, cameras, flash drives etc. are all supported.