Disable Client Drive Redirect Mapping In Remote Desktop Services Session Using Intune HTML Blog

Let’s discuss Disable Client Drive Redirect Mapping in a Remote Desktop Services Session using Intune. This policy setting prevents users from sharing local drives on their client computers to the Remote Desktop Servers they access. The mapped drive appears in the session folder tree in Windows Explorer.

The reason is, data can be passed from the user’s property Remote Desktop Services session to the user
local computer without direct user interaction. Malicious software already on the compromised server will have direct and hidden disk access to users local computingr during a Remote Desktop session.

By its impact, Encourages redirection it won’t be possible. In most situations, traditional network drive mapping to file shares (including administrative shares) is performed manually by connected users will serve as a capable substitute to still allow file transfers when necessary.

Enabling this policy will prevent users from accidentally or maliciously copying filessensitive company data (e.g. customer lists, financial reports) from a secure remote session/server down to their less secure local device (which may be a personal computer).

Disable Client Drive Redirect Mapping in Remote Desktop Services Sessions using Intune

In a scenario where REmote Desktop Session The host is compromiseddisabling drive redirection limits an attacker’s ability to do so extract data from a remote environment to a connected client or accessing a local client drive.

How to Start Policy Creation in the Intune Portal

You can start creating policies Block Private MSA Policy in Intune. Using simple steps, you can easily complete policy creation. Open Intune admin center. Go to Device > Configuration > Policies > + Create > + New policy.

Profile Creation

After that, you will get a profile window to select platforms And profile type. First of all, you choose the platform, then you can choose the profile type. Choose Windows 10 and later as a platform, and select settings catalogue as profile type. Click on make knob.

Basic Tab for Adding Name and Description

Basically tab is the first step in creating a policy. On this tab, you have to provide a Name for the policy you want to create. The name field is must. Without giving it a name, you cannot create a policy on the basic tab. You can also explain the policy, which it is information not mandatory. Click on Next knob.

Configuration Settings

That configuration tab lets you select specific policy settings to manage your organization’s devices. On this page, we click + Add Settings hyperlink. Then you will get a setting optionsr which will display various types of categories to select certain settings. Here, I selected Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection\Don’t allow drive redirection.

Disable Client Drive Redirection

t prevent users from copying easily malicious files or malware residing on the local machine to the top into a secure server/virtual desktop environment. Click on Next knob.

Enable Client Drive Redirection

To comply with data privacy regulations (eg GDPR or HIPAA), the company implemented a “no data on endpoint” rule. Click on Next knob.

The next part is Coverage label and which one not a necessity step. Assigning this policy to a specific group of users or devices will help. Here, I skipped that part and clicked Next knob.

Tasks Tab

That task tab is an important step that determines which groups can be selected to set policy. Click on +Add groups options under included groups. Select a group from group list on your tenants.

Click on Choose knob. And you can see the selected groups in Task tab. Click on Next button in the window below.

Review + Create

Review + Create tab is the final step of policy creation. In this tab, you can verify every detail of the policies added in previous step (basic configuration settings, scope tag assignment, etc). If you want to make changes, click the previous button; if not, you can click on it Make knob.

Monitoring Status

When the policy is created succeedyou can synchronization device on Company portal for faster deployment. Once the sync is complete, you can check status in the Intune Portal. Go to Devices > Configuration and look for the policy.

How to Remove Client Drive Redirection Policy

If you want delete That Block All Consumer Microsoft Account User Authentication policy on aligned portal, it is a very easy process. To do this, open the policy from the Configuration tab, and click it Edit button on the Tasks tab. Click on Delete button in this section to delete the policy.

For more detailed information, you can check our previous post – Learn How to Delete or Unassign Apps from Intune using Step by Step Guide.

How to Remove Client Drive Redirection

Intune allows you to easily delete policies within Intun Portal. Policy deletion necessary in an organization for various reasons. To delete a policy, click on it 3 points options and then click on Delete knob.

For more information, you can refer to our previous post – How to Remove Allow Clipboard History Policy in Intune Step by Step Guide.

Need More Help or Have a Technical Question?

JoinLinkedIn page AndTelegram Groupto get step by step guides and news updates. Join usmeEtup pageto participate in User group meetings. Also, JoinWhatsApp CommunicationNityto get the latest news about Microsoft Technologies. We were thereredditas well.

Author

Anoop C Nairhas been a Microsoft MVP for 10 consecutive years from 2015 onwards. He is a Workplace Solutions Architect with over 22+ years of experience in the Workplace technology space. He is a leader of the Community of Bloggers, Speakers, and Local User Groups. The main focus is on Device Management technologies such as SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career, etc.