Layer7 Privileged Access Management

Tech Tip - CA PAM: RDP Application

    Posted 08-18-2016 12:03 PM

    CA PAM Tech Tip by Patrick Thomson

    Support Engineer PIMSC/PAM

    8/18/2016

     

    In the PAM client there is an option for RDP Application, so that when an account is checked out it can run only a certain application, and that application is opened automatically for the user. This requires setting up RDP for the host and also configuring a 3rd-party RDP application on the host itself. The RDP Application, however, seems to have a flaw where it can only execute certain file types, such as .exe.

    This, however, can be corrected by tweaking the configuration. Below is an example of running dsa.msc so that the user can access only Active Directory Users and Computers rather than the console root from mmc.exe.

    dsa.msc is a subset of mmc, so it requires the .exe as a precursor so that it knows how to handle the dsa.msc request.

    In PAM, modify the path for RDP to be exactly as follows: "C:\Windows\System32\mmc.exe" dsa.msc

    Then, in the RDP application, modify the parameters for mmc to push dsa.msc.

    This should work, and the correct location should start upon RDP.