USB device forwarding and user permissions

Forum / NoMachine Cloud Server Products / USB device forwarding and user permissions

Viewing 12 posts - 1 through 12 (of 12 total)
  • Author
    Posts
  • #27538
    tom5
    Participant

    Hello,

    Apologies for another forum post!  I’ve been playing around with USB device forwarding quite a bit during this evaluation.  We’ll definitely need it to workaround erratic mouse behavior in some of the applications we use (found this backed up by a few other forum posts).

    I think I’ve generally got it working (some clients but not all).  However, I’d appreciate some guidance.

    Firstly, for USB devices to successfully connect (from Client to Enterprise Desktop), I’ve found that it’s necessary to authenticate with NoMachine using the Local Administrator account credentials for our Enterprise Desktops, not an Active Directory account (with or without admin privileges on the Enterprise Desktop) .  We would want all of our students and staff to authenticate with NoMachine using their (non-admin) Active Directory credentials.  Is this possible?  We’d want this to apply to all AD accounts that have yet to login to NoMachine, and so aren’t yet listed in the NoMachine user database.

    Is it also the case that a Client user needs to have admin privileges on the Client computer to be able to forward USB devices to an Enterprise Desktop? Under the current circumstances, I’m wondering whether that may cause us some issues down the line.  I.e a student using a family/shared computer to access our Enterprise Desktops.

    Many thanks,  Tom

    #27613
    Giorgi-G.
    Contributor

    Hi Tom,

    Thanks for your questions! I have some more, to clarify what you want to do.

    1. What OS you have on the machine with NoMachine Cloud Server Installed?

    2.

    Firstly, for USB devices to successfully connect (from Client to Enterprise Desktop), I’ve found that it’s necessary to authenticate with NoMachine using the Local Administrator account credentials for our Enterprise Desktops, not an Active Directory account (with or without admin privileges on the Enterprise Desktop)

    To successfully connect or to be able to use a connected device?

    3.

    We would want all of our students and staff to authenticate with NoMachine using their (non-admin) Active Directory credentials.

    All of your students will be connected to one server? And will forward their mouses to it? Or only one student will be connected to one server, but just under the AD account, not admin.

    4.

    I think I’ve generally got it working (some clients but not all).

    The USB forwarded device from the client to the server depends only on the server. So if it works well with one client it also should work with any other clients. Can you please explain in more detail, what is wrong in your case?

    5. For sessions, you use Virtual Desctop, not physical desktop connection right?

    6.

    Is it also the case that a Client user needs to have admin privileges on the Client computer to be able to forward USB devices to an Enterprise Desktop?

    No. It doesn’t matter.

    #27619
    tom5
    Participant

    Hello Giorgi,

    Many thanks for the reply.  Please see answers below.

    1. What OS you have on the machine with NoMachine Cloud Server Installed?

    Windows 10 Pro 1903 (for this evaluation period at least).  Cloud Server v6.10.12

    2. Firstly, for USB devices to successfully connect (from Client to Enterprise Desktop), I’ve found that it’s necessary to authenticate with NoMachine using the Local Administrator account credentials for our Enterprise Desktops, not an Active Directory account (with or without admin privileges on the Enterprise Desktop)

    To successfully connect or to be able to use a connected device?

    To successfully ‘Connect a USB device’, I must authenticate with NoMachine using the local administrative credentials of the Enterprise Desktop computer. If I authenticate with NoMachine using an AD account, it’ll try to ‘Connect a USB device’ for around 30 seconds before showing the red circle with an exclamation mark and stating ‘Failed to connect the device…’.  Note that ‘Connect a disk’ works with an AD account.  I can’t even ‘connect a USB device’ that is the same USB disk that successfully connected using ‘Connect a disk’ a few seconds previously.

    3. We would want all of our students and staff to authenticate with NoMachine using their (non-admin) Active Directory credentials.

    All of your students will be connected to one server? And will forward their mouses to it? Or only one student will be connected to one server, but just under the AD account, not admin.

    We’ve got ~100 iMacs in a number of computer suites.  Our hope is for students to be able to use these iMacs remotely from home whilst social distancing measures are in place.  i.e. online lessons and project work.  The idea being each iMac would be used by a single student at any time.  I think our plan will be to limit the number of concurrent connections to each computer to 2, so tutors could jump into sessions and see student work/offer support etc.

    After connecting to an iMac, a student will then need to forward their own mouse to that iMac.

    Yes, we would want students to authenticate with NoMachine AND login to the iMac using their AD credentials, which don’t have any admin privileges.

    All connections must be made via the Cloud Server (direct connections disabled) and all connections are via tunnel.

    4. I think I’ve generally got it working (some clients but not all).

    The USB forwarded device from the client to the server depends only on the server. So if it works well with one client it also should work with any other clients. Can you please explain in more detail, what is wrong in your case?

    I’ve spent all morning testing, trying various things out and can still only get it to work on two out of three test clients.  Note that all of these test clients are also Enterprise Desktops.

    If we call these computers 2, 3, 5:

    2 (OSX 10.14.6, NoMAchine 6.9.2, EnabledUSBSharing both) – successfully ‘connect a disk’ and ‘connect a USB device’ to workstations 3 and 5

    3 (OSX 10.14.6, NoMAchine 6.9.2, EnabledUSBSharing both) – successfully ‘connect a disk’ and ‘connect a USB device’ to workstations 2 and 5

    5 (OSX 10.14.6, NoMAchine 6.9.2, EnabledUSBSharing both) – successfully ‘connect a disk’ but FAILs to ‘connect a USB device on workstations 2 and 3.  Fails to connect the same USB disk as a ‘USB device’.

    I’m thinking the issue must by with computer number 5. Tried reinstalling NoMachine, disabling firewall, ensuring ‘nxnode’ and ‘NoMachine’ are added to the accessibility tab under Privacy, no ‘Allow’ button displayed on the General tab of Security & Privacy.

    5. For sessions, you use Virtual Desktop, not physical desktop connection right?

    As these are Mac workstations, I believe they are classed as a physical desktop.  They are listed as a Server in NoMachine Cloud.

    6. Is it also the case that a Client user needs to have admin privileges on the Client computer to be able to forward USB devices to an Enterprise Desktop?

    No. It doesn’t matter.

    I’ve, unfortunately, found that it does matter.  If I log into one of the computers as a student AD account (no admin privileges), authenticate with NoMachine and login to the Enterprise Desktop using the same student AD account and go to ‘Connect a USB device’, under Local Devices it states ‘no device found’.  I’ve left it for a couple of minutes so its not a case of any delay.  Devices are listed under ‘Remote Devices’  This is also the case if I login to a computer with the student AD account, but then authenticate with NoMachine and login to the Enterpise Desktop using the administrative account for the Enterprise Desktop.

    As above, logging into the client, authenticating with NoMachine and Logging into the Enterprise Desktop as the local administrative account of our computers works OK.  The only change here is the different user account on the client computer.

    Thanks again, Giorgi.

    Tom

    #27682
    Giorgi-G.
    Contributor

    Hi Tom,

    I still try to reproduce your issue on our machines. Meanwhile, can you please explain, what you mean with ‘erratic mouse behavior’ in your configuration?

    Thanks.

    #27704
    tom5
    Participant

    Hi Giorgi,

    Thanks for the reply.

    When using Ableton Live software via NoMachine, adjusting any of the rotary pots with the mouse is really difficult because they become hyper sensitive.  The tiniest movements can make a pot go from 0-100.  You can also draw in automation lines (for volume/pan control on an audio clip etc.) with a mouse and that’s overly sensitive too.

    Native Instrument plug-in pots don’t work at all with a mouse via NoMachine.

    I stumbled on a KB article and a couple forum posts which gave me the idea of forwarding the mouse as a USB device:

    https://www.nomachine.com/TR12Q09486

    https://forums.nomachine.com/topic/world-of-tanks-mouse-capture#post-6224

    https://forums.nomachine.com/topic/using-nomachine-to-play-mouse-captured-games

    Thanks.  Tom

    #27719
    tom5
    Participant

    Hello,

    Britgirl asked me to check this again after installing an updated package.  No change, unfortunately.

    On a client computer, it is still necessary to login to NoMachine using the Local Administrator account of an Enterprise Desktop (Mac) to be able to connect a USB device.  Once logged into NoMachine as the ED Local Administrator, I can login to the Enterprise Desktop as any type of user (ED local Admin, Domain Admin and standard AD user) and they can all connect a USB device.  Logging into NoMachine with any other type of account (Domain Admin with admin privileges for ED, standard AD account) will result in not being able to connect a USB device.

    On the point about a client user must have admin privileges for the client computer for Local devices to be listed under Connect a USB device.  I found this to be the case for Mac clients but not PC clients.  A PC user with standard permissions can connect a USB device.

    Tom

    #27743
    Giorgi-G.
    Contributor

    Hi Tom,

    Regarding mouse erratic behaviour, we confirm that your case is the same as described in TR https://www.nomachine.com/TR12Q09486 

    Regarding, your cloud server configuration, we are making progress in our lab. Monday will come back to you with updates.

    #27752
    tom5
    Participant

    Hi Giorgi,

    Thanks for all of your efforts with this.  Much appreciated.  I believe this is the only outstanding issue with have with NoMachine now.

    Have a great weekend.  Tom

    #27770
    Giorgi-G.
    Contributor

    Hi Tom,

    The issue, you have faced, was reproduced in our lab and we have created TR for it. https://www.nomachine.com/TR05R09712

    Please subscribe to it, to be informed when it will be closed.

    #27813
    tom5
    Participant

    Hello Giorgi,

    Thanks again for your efforts with this.  We’ve received some great technical support during this evaluation.  I’m glad you were able to recreate the issue.

    Does that trouble report also relate to authenticating with NoMachine with an AD account?  The TR states the issue is when logged into the remote mac as a non-admin user.  As above, the issue for us is when logging into NoMachine (not the remote computer) with any AD account, even an AD account with administrative privileges.   Have you got an estimate of when you think this issue will be resolved?

    And when you think the mouse sensitivity TR will be resolved? I’ve just run a test with a number of staff and some mouse sensitivity issues were picked up even with mouse forwarding enabled.  We’re going to investigate this further over the next week to understand how much of an issue it is for us.

    We’re hoping to roll out NoMachine from September (the start of our academic year) so it’ll be great to know if you think these issues will be resolved prior to then so we can keep it under consideration.

    Thanks again, Giorgi.

    Tom

     

    #28187
    Britgirl
    Participant

    Both https://www.nomachine.com/TR05R09712 and https://www.nomachine.com/TR12Q09486 are being worked on, but I cannot say whether they’ll both be released in production before September.

    #28214
    tom5
    Participant

    Understood, Britgirl.  Thanks for the reply.

Viewing 12 posts - 1 through 12 (of 12 total)

This topic was marked as solved, you can't post.