6.5.3 Agentless Session Management in Windows

Privileged session monitoring and management is important for meeting compliance and security requirements, but can be complex and time-consuming to achieve. From Privileged Account Manager 4.0 onwards, you can monitor and manage RDP sessions with the agentless capability.

Prerequisite

Ensure that the agentless module is installed.

  • The agentless component of Privileged Account Manager (agentless) is supported only on Windows, SLES 12 (64-bit), SLES 15 (64-bit), Oracle Linux 8 (64-bit), or RHEL 8 (64-bit).

    NOTE:

    • For Oracle Linux 8 (64-bit) and RHEL 8 (64-bit), install the redhat-lsb-core package.

    • For SLES 12 (64-bit) and SLES 15 (64-bit), install the lsb-release package.

    • You must install libpango and libcairo, and their dependent packages, for both SLES and RHEL. Additionally, for RHEL only, install dejavu-sans-fonts.

Remote Desktop Protocol Web Relay

This method provides agentless access: it works without any agent installed on the target machine. Using this method, you can provide access to the target RDP machine through a standard RDP client, and Privileged Account Manager functionality is available without a Privileged Account Manager agent on the target host. RDP Relay allows users to connect to a remote host without knowing the privileged account credentials, such as the password or identity certificate of the user. RDP Relay session videos can be captured only if Privileged Account Manager is running in a Linux environment.

The functionality also provides clientless benefits. It is called "clientless" because no plugins or client software are required. The remote desktop gateway supports standard protocols such as VNC, RDP, and SSH. Once the agentless module is installed, all you need to access your desktops is a web browser.

NOTE: You cannot add scripts when you are using RDP Web Relay.

Advantages of Configuring the Remote Desktop Protocol Web Relay

  • You can configure an RDP Web Relay for Windows machines to allow users to remotely access these machines without the privileged account credentials.

  • This method is beneficial if you do not want to install any software or client on the operating system.

  • Resolves issues for Network Level Authentication users, as they do not have to perform any additional configuration.

  • No MSTC-RDP file needs to be downloaded. The system from which you launch the RDP session can be lightweight in terms of disk space and memory.

Accessing the Remote Desktop Protocol Web Relay

After an RDP Web Relay is configured by an administrator, the user can access the privileged session as follows:

  1. Log in using the Privileged Account Manager user credentials and click Login.

  2. Click Home > My Access > Predefined Tags > Windows and click the launch icon before the appropriate resource name.

  3. You can administer the live Remote Desktop Protocol Web Relay session as it opens under Home > Active Sessions. The administrator audits the user actions in this privileged session and views the resulting reports in the administration console.

Usage Scenarios for Agentless Windows RDP Relay

Consider a scenario where the administrator has to provide privileged access to a Windows system and the Privileged Account Manager user accesses the session from the browser. For this scenario, the administrator must perform the following configuration in Access Control:

  1. Create a Windows or LDAP type Credential Vault resource for the Windows system and add the respective credentials.

  2. Click Users and add the users (LDAP or Local) who will be using the resource.

  3. Click Access Control > User Roles and create a user group and add the users who can access the resource.

  4. Click Access Control > Resource Pools and create a resource group, then add the Windows Vault for Agentless Windows Servers.

  5. Click Access Control > Assignments and create an RDP Web and add the user group and resource pool that you created in steps 2 and 3 to it.

  6. Assign the permissions as relevant.

  7. Click Finish.

After the administrator configures the authorization rule in Privileged Account Manager, the Privileged Account Manager user can gain a privileged session as follows:

  1. Log in using the Privileged Account Manager user credentials and click Login.

  2. Click Home > My Access > Predefined Tags > Windows and click the launch icon before the appropriate resource name.

  3. You can administer the live Remote Desktop Protocol Web Relay session as it opens under Home > Active Sessions. The administrator audits the user actions in this privileged session and views the resulting reports in the administration console.