It's not very flexable but you could try blocking port 32111 from the security server to the View desktop. That would prevent user from using USB redirection when tunneled through the security server. If that isn't an option maybe create a seperate pool for people connecting from outside the network and apply a View policy that prevents USB redirection.