Hi Dejan, I didn't find any records of this having been done before. PAM doesn't specifically support the application protocol used by power shell. It would have to be a TCP service defined with Application Protocol = Disabled, in which case PAM basically just routes the connection. The Client Application could be a string for launch of a PS window, possibly invoking a PS script with command line arguments, or it could be empty and the user would launch PS on their own and then connect to the local IP and Port that the PAM client listens on for this service. The Ports field would be something like 5985:* or 5986:*, depending on whether the HTTP or HTTPS port is used, and when the PAM user launches the service a popup will show which local IP (as defined in the service) and which port to connect to. This will then be routed through PAM to the configured port on the target device. With command line arguments the local IP and local port could be passed into a PS script with parameters <Local IP> and <First Port>.