VMware AppVolumes: Deploying AppStack fails when GPO “WPD devices” Deny read/write access is enabled

When this specific GPO is enabled the AppStack will be successfully mounted to the target but within the system you either get an error, Error 5, Access is denied or the program files directory of the deployed apps are completely without NFTS rights. Also you will see that the shortcut folder is created in the start menu but no shortcut will be in that folder. Removing the deployment and re assigning does not fix the problem.

The GPO which is the cause this is in: System/Removable Storage Access.

  • WPD Devices: Deny read access   -Enabled
  • WPD Devices: Deny write access  -Enabled

This GPO is set to disable USB devices like mobile phone storage.
Windows Portable Devices (WPD) is a driver technology that supports a wide range of portable devices such as mobile phones, digital cameras, and portable media players.

Somehow this causes that when you are deploying an AppStack, the applications will fail when deployed. Unsure why this happens at the time and the only solution is not to enable that specific WPD policies.

If you have enabled it, it’s not enough to put the GPO on “not configured” because the setting will remain. You will need to put the GPO on disabled first and let it

Also tested by disabling the USB via PCOIP policies and it has the same effect on AppVolumes deployed AppStacks.
This happend on a Windows 7, Horizon view deployed Desktops and could be recreated at command.


Blocking of USB Mass Storage device on the Virtual Desktops by using the PCoIP GPO for limiting the usage of USB devices only to generic Mouse / Keyboards & Webcams works. If any specific USB devices are needed on the Virtual Desktops these specific hardware codes are needed to be added to the GPO. With this way AppVolumes does work!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.