4.20.2.2. Channel filtering

You can control which channels (i.e., remote facilities) can be used in the connection. The available facility channels are shown in the following table:

NameValue
RDP_CHANNEL_RDPDR Sharing of disks, printers, serial and parallel ports, and secure devices.
RDP_CHANNEL_RDPSNDSharing sound devices.
RDP_CHANNEL_SEAMRDP Displaying remote windows as local ones instead of displaying the whole remote desktop in a local window (called seamless RDP).

Table 4.58.  Channel names of remotely accessible facilities.

Example 4.39. Disabling channel RDPDR

The following proxy class disables access to file-shares, printers, and other similar facilites.

class MyRdpProxy(RdpProxy):
        def config(self):
                RdpProxy.config(self)
                self.channel_policy[RDP_CHANNEL_RDPDR] = ZV_REJECT

Applications can open custom channels to the clients connecting remotely to the server. To permit access to these channels, derive a proxy class and explicitly enable the channels required by the application. Consult the documentation of the application for the exact names of these custom channels. Alternatively, configure an RDP proxy and try to use the application: Zorp logs the names of the rejected channels.

Example 4.40. Enabling custom channels

The following proxy class enables access to custom channels examplechannelname1 and examplechannelname2 used by an application.

class CustomRdpProxy(RdpProxy):
        def config(self):
                RdpProxy.config(self)
                self.channel_policy[examplechannelname1] = ZV_ACCEPT
                self.channel_policy[examplechannelname2] = ZV_ACCEPT