How to Easily Disable Local Drive Redirection with Intune

In this article, let us discuss how to easily Disable Local Drive Redirection with Microsoft Intune. Local drive redirection is a Remote Desktop Services (RDS) feature that allows users to access files and folders on their local computer from within a remote desktop session.

When local drive redirection is enabled, users can access files stored on their local drives (such as C:\ or D:\) directly from within applications running on the remote desktop session.

However, there are security concerns associated with local drive redirection, as it can potentially expose sensitive data from the local computer to the remote session. For example, if a user inadvertently copies confidential files from their local drive to the remote session, those files could be accessed by other users who have access to the remote session.

Disabling local drive redirection prevents users from accessing files and folders on their local computer from within a remote desktop session. This can be useful in environments with strict security policies are in place or where there are concerns about data leakage.

Patch My PC
[sibwp_form id=2]

In summary, disabling local drive redirection prevents users from accessing files and folders on their local computer within a remote desktop session, enhancing security and reducing the risk of data exposure.

How to Easily Disable Local Drive Redirection with Intune. Fig. 1
How to Easily Disable Local Drive Redirection with Intune. Fig. 1

What are the Advantages of Disable Local Drive Redirection?

Disabling local drive redirection in Remote Desktop Services (RDS) environments like Windows 365 Cloud PCs can offer several advantages. The table below shows these advantages.

CategoryAdvantages
Enhanced SecurityBy preventing users from accessing their local drives within a remote desktop session, organizations can mitigate the risk of data leakage or exposure of sensitive information to unauthorized users. This helps to maintain the confidentiality and integrity of data.
Data Loss PreventionDisabling local drive redirection helps prevent accidental data loss or theft by restricting the movement of files between local and remote environments. This reduces the likelihood of sensitive data being inadvertently copied or transferred to unauthorized locations.
ComplianceOrganizations operating in regulated industries, such as healthcare or finance, may be subject to industry-specific regulations and data protection standards. Disabling local drive redirection can help organizations comply with these regulations by minimizing the risk of unauthorized data access or transfer.
Protection Against MalwareLocal drive redirection can potentially expose remote desktop sessions to malware or malicious files stored on users’ local drives. Disabling this feature helps protect the remote desktop environment from such security threats and reduces the risk of malware propagation.
Resource OptimizationDisabling local drive redirection can help optimize network bandwidth and server resources by reducing the amount of data transferred between local and remote environments. This is especially beneficial in scenarios where large files are frequently accessed or transferred.
Improved PerformanceBy reducing the volume of data transferred between local and remote environments, disabling local drive redirection can contribute to improved performance and responsiveness of remote desktop sessions, particularly in bandwidth-constrained or high-latency network environments.
Simplified ManagementDisabling local drive redirection simplifies the management and administration of the remote desktop environment by reducing the complexity associated with monitoring and controlling access to local drives within remote sessions. This can lead to lower administrative overhead and streamlined IT operations.
How to Easily Disable Local Drive Redirection with Intune – Table 1

Disabling local drive redirection helps organizations enhance security, prevent data loss, achieve compliance with regulatory requirements, optimize resource utilization, improve performance, and simplify management within their Remote Desktop Services environment.

Create Configuration Profile to Disable Local Drive Redirection with Intune

Follow the below-mentioned steps to create a configuration policy to Disable Local Drive Redirection with Intune. Log In to the Microsoft Intune Admin Center using your administrator credentials.

Adaptiva
  • Navigate to Devices  Windows > Configuration Profiles
  • Click on +Create +New Policy
How to Easily Disable Local Drive Redirection with Intune. Fig. 2

In the next step, we can create a new Configuration Profile starting from scratch. For that, give the below options as mentioned.

  • Platform: Windows 10 and later
  • Profile type: Settings catalog
How to Easily Disable Local Drive Redirection with Intune. Fig. 3
How to Easily Disable Local Drive Redirection with Intune. Fig. 3

In the Basics details pane, we can give the Configuration profile name “Disable Local Drive Redirection.” If needed, provide a brief policy description and click Next.

How to Easily Disable Local Drive Redirection with Intune. Fig. 4
How to Easily Disable Local Drive Redirection with Intune. Fig. 4

We can now add the required settings to the Configuration Settings pane. To do so, click on +Add settings in the bottom left corner of the page.

Note! With the Settings catalog, you can choose which settings you want to configure. Click on Add Settings to browse or search the catalog for the settings you want to configure.

How to Easily Disable Local Drive Redirection with Intune. Fig. 5
How to Easily Disable Local Drive Redirection with Intune. Fig. 5

Search for “Drive Redirection” as a keyword. This will help you find the correct policy based on our current needs. Now you can see the “Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resources Redirection” under the Browse by category. Click on that and pick the settings below.

  • Do not allow drive redirection

Note! This policy setting specifies whether to prevent the mapping of client drives in a Remote Desktop Services session (drive redirection). An RD Session Host server maps client drives automatically upon connection by default. Mapped drives appear in the session folder tree in File Explorer or Computer in the format <driveletter> on <computername>. You can use this policy setting to override this behaviour. If you enable this policy setting, client drive redirection is not allowed in Remote Desktop Services sessions, and Clipboard file copy redirection is not allowed on computers running Windows Server 2003, Windows 8, and Windows XP. If you disable this policy setting, client drive redirection is always allowed. In addition, Clipboard file copy redirection is always allowed if Clipboard redirection is allowed. If you do not configure this policy setting, client drive redirection and Clipboard file copy redirection are not specified at the Group Policy level.

How to Easily Disable Local Drive Redirection with Intune. Fig. 6
How to Easily Disable Local Drive Redirection with Intune. Fig. 6

Close the Settings picker window and toggle the “Do not allow drive redirection” option as Enabled. Click on Next

How to Easily Disable Local Drive Redirection with Intune. Fig. 7
How to Easily Disable Local Drive Redirection with Intune. Fig. 7

On the next page, Leave the Scope tags as Default. If you have any custom scope tags available, you can also select that for this deployment.

How to Easily Disable Local Drive Redirection with Intune. Fig. 8
How to Easily Disable Local Drive Redirection with Intune. Fig. 8

Click on Next and assign the configured policy to HTMD – Test Computers. In the Included Groups option, click on Add groups and select the required device group.

How to Easily Disable Local Drive Redirection with Intune. Fig. 9
How to Easily Disable Local Drive Redirection with Intune. Fig. 9

On the Review + Create page, carefully review all the settings you’ve defined for the Disable Local Drive Redirection policy. Select Create to implement the changes once you’ve confirmed everything is correct.

How to Easily Disable Local Drive Redirection with Intune. Fig. 10
How to Easily Disable Local Drive Redirection with Intune. Fig. 10

Monitor the Disable Local Drive Redirection Policy in Intune

This particular policy has been deployed to the Microsoft Entra ID group (HTMD – Test Computers). The policy will take effect as soon as possible once the device is synced.

  • To monitor the policy deployment status from the Intune Portal, follow the below-mentioned steps.
  • Navigate to Devices > Windows > Configuration Profiles > Search for the “Disable Local Drive Redirection” policy.
  • Under the Device and user check-in status, you can see the deployment status for the same.
How to Easily Disable Local Drive Redirection with Intune. Fig. 11
How to Easily Disable Local Drive Redirection with Intune. Fig. 11

End User Experience – Disable Local Drive Redirection Policy

Now, we have to check whether the Disable Local Drive Redirection policy is working fine or not. Log in to one of the policy-targeted devices. In this example, mentioned in the first screenshot below, you can see the drive map and redirection is present before applying the policy.

The second screenshot shows after the policy was applied. The Redirected Drive is unavailable, and if we try to map it again, it won’t work due to the policy restriction.

How to Easily Disable Local Drive Redirection with Intune. Fig. 12
How to Easily Disable Local Drive Redirection with Intune. Fig. 12

I appreciate you taking the time to read my article. I’m excited to see you in the upcoming post. Continue to support the HTMD Community.

We are on WhatsApp. To get the latest step-by-step guides and news updates, Join our Channel. Click here –HTMD WhatsApp.

Vaishnav K has over 10+ years of experience in SCCM, Device Management, and Automation Solutions. He writes and imparts his knowledge about Microsoft Intune, Azure, PowerShell scripting, and automation. Check out his profile on LinkedIn.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.