You can create rule to allow/deny access to specific users on a Windows server or desktop to connect to the required server. To disconnect a session refer, .
To configure the rule for a Windows server or desktop, perform the following:
Ensure that the Windows computer which you want to access is registered to Privileged Account Manager as a agent. For more information, see Installing and Registering a Framework Agent.
In the home page of the administrator console, click Command Control.
(Conditional) If you want to control who can access a particular Windows computer, create a user group with the user name in capital letters.
If you want to deny specific users to access the server or desktop, create a separate user group and add the user names (in capital letters) in the Users field. By default all the users are granted access to the server.
Add a rule:
In the Command Control pane, click Rules.
In the details pane, click Add.
Specify a name for the rule, then click Add.
Select the newly added rule, then click edit icon in the details pane.
(Conditional) Configure the following for the users, who are allowed to access the Windows computer:
Session Capture: Yes
Authorize: Yes
Run User: Submit User
Run Hosts: Submit Host
For more information about the rule configuration fields, see Modifying a Rule.
(Conditional) Configure the following for the users, who are denied access to the Windows Computer:
Session Capture: No
Authorize: No
Click Modify.
In the middle pane, click the commands icon.
From the list of commands, drag the Windows Direct Session command and drop it to the newly added rule.
NOTE:If some of the users are not part of any defined user group, the actions of that user is not monitored but in the Reports console you can view the users who are connecting to the server or desktop, and the time when they started the session.