Symantec Privileged Access Management

  • 1.  Viewing Session Recordings

    Posted 04-11-2017 03:05 PM
      |   view attached


    We have recently implemented CA PAM 2.8.1 but have a question for the community


    When watching recordings of RDP of type,  information about the session and its recording is displayed, but I have an issue with some windows servers 2003 that don't display the user Info segment, Im only watching Xsuite ID and Xsuite User ID  Information but need to get recorded the targeted user login. I have tried configuring generic accounts and for the Windows accounts; have configured the Distinguish name and domain correctly, but without success. Is someone having the same issue? Or any ideas of how to force to display that? 


    Thanks in advance

  • 2.  Re: Viewing Session Recordings

    Posted 04-14-2017 01:25 AM

    Hi Alberto,


    Just to clarify, the RDP access is associated with Target Account of a Domain User? or user manually login to the Target Host?


    The issue only pertains to Windows 2003?

  • 3.  Re: Viewing Session Recordings

    Posted 04-16-2017 11:00 AM

    Hi wonsa03,


    Target Accounts are associated with Domain users and the login to the Hosts are configured with the autologin, but we have found when reviewing the recordings that in some cases the user Info is empty and that the hosts are windows 2003. The other hosts are windows 2008 and the user info is perfectly recorded. 


    thanks in advance

  • 4.  Re: Viewing Session Recordings

    Posted 04-18-2017 08:58 AM

    Hi Alberto.


    This might be due to the release. Windows 2008 brought several improvements and changes when compared to 2003 - there are functionalities that, despite have the same name/goal, are completely different between the two versions. One thing you can try to workaround this issue is to use some third-party tool like BGInfo to print the logged-in username to the desktop background (useful when running a full Desktop session). This way you will know at the beginning of the recording what is the logged in user.


    Please remember that Windows Server 2003 is no longer supported by Microsoft, so there is not much we can do here, sadly.


    Best Regards,

    Renato Pioker

  • 5.  Re: Viewing Session Recordings

    Posted 04-19-2017 11:47 AM

    What I need is to know which account was used by an admin to log in a specific server, so I will try with BFInfo and tell you how it worked. 


    Thanks in advance

  • 6.  Re: Viewing Session Recordings

    Posted 04-20-2017 03:27 PM

    Hi there!


    I have tried with BGInfo and it works well, I wonder to know what do you use for printing the User Info when login to a Unix Server.


    Thanks in advance

  • 7.  Re: Viewing Session Recordings

    Broadcom Employee
    Posted 04-18-2017 12:05 PM

    If the target account is from a Generic Application type then those fields are empty.

    If the rdp session was done with a Domain user (that is, that the target account is from a Domain Controler Target Application) , then this should be detailed.

  • 8.  Re: Viewing Session Recordings

    Posted 04-19-2017 01:52 AM

    Support to Windows 2003 is discontinued right after we learned that Microsoft no longer supported that OS.

  • 9.  Re: Viewing Session Recordings

    Broadcom Employee
    Posted 04-19-2017 04:23 AM

    This is right. PAM doesn't support Win2k3 after Release 2.5