Patrick Thomson

Tech Tip - CA PAM: RDP Application

Discussion created by Patrick Thomson Employee on Aug 18, 2016

CA PAM Tech Tip by Patrick Thomson

Support Engineer PIMSC/PAM

8/18/2016

 

In the PAM client there is an option for RDP Application so when an account is checked out it is able to only run a certain application and the application is automatically opened for the user. This requires configuration of setting up RDP for the host and also configuring a 3rd party RDP Application on the host itself. The RDP Application however seems to have a flaw where it can only execute certain file types such as .exe.

 

This however, can be corrected by tweaking the configuration. Please see below for an example of attempting to run dsa.msc so the user can only access the active directory users and computers rather than the console root from mmc.exe.

 

dsa.msc is a subset of mmc so it requires the .exe as a precursor so it knows how to handle the dsa.msc request

In PAM modify the path for RDP to be exactly as follows "C:\Windows\System32\mmc.exe" dsa.msc

Then in the RDP application, modify the parameters for the mmc to push dsa.msc

This should work and the correct location should start upon RDP.

Outcomes