CA PAM Tech Tip by Patrick Thomson
Support Engineer PIMSC/PAM
8/18/2016
In the PAM client there is an option for RDP Application so when an account is checked out it is able to only run a certain application and the application is automatically opened for the user. This requires configuration of setting up RDP for the host and also configuring a 3rd party RDP Application on the host itself. The RDP Application however seems to have a flaw where it can only execute certain file types such as .exe.
This however, can be corrected by tweaking the configuration. Please see below for an example of attempting to run dsa.msc so the user can only access the active directory users and computers rather than the console root from mmc.exe.
dsa.msc is a subset of mmc so it requires the .exe as a precursor so it knows how to handle the dsa.msc request
In PAM modify the path for RDP to be exactly as follows "C:\Windows\System32\mmc.exe" dsa.msc
Then in the RDP application, modify the parameters for the mmc to push dsa.msc
This should work and the correct location should start upon RDP.