Get Started!

˂ Return to XTAM Command Control

Getting Started Guide: XTAM Command Control

This guide is designed for System Administrators to learn about XTAM Command Control and how it can be used to govern which commands can or cannot be executed by users during remote sessions. To complete the guide be sure that you have access to a XTAM System Administrator account.

This Guide will be broken into two parts. The first part will describe how to setup a basic whitelist command policy and the second part will describe how to setup a blacklist command policy. In the attempt to keep this guide short and quick, we will demonstrate the functionality and provide screenshots using a Windows Host remote session, but please keep in mind that the same setup can be applied to a Unix Host remote session as well.

 

Whitelist Command Policy

In the whitelist scenario, we want to permit a user to login to a production server, but limit their ability to execute only certain commands. For this, we are going to implement a whitelist policy to include the command iisreset and then apply this policy to both this user and the production server. Finally, we will login to this policy controlled remote session to demonstrate how it will work from a user’s perspective.

 

Stage 1: Creating a Command Control Policy

Command Control policies are used to define which command(s) and arguments are to be added to either a whitelist or blacklist.

1

Login to XTAM as a System Administrator and navigate to Administrator > Command Control.

2

Click the Create button

3

Enter a user recognizable name in the Name field (required).

4

Enter a description into the Description field (optional).

5

In the Control Type dropdown menu, select Whitelist

6

Click the Add Command button

7

In the Command field, type the command iisreset

8

Click the Save button.

XTAM Command Control Whitelist Policy

Your Command Control Policy is now created.

 

Stage 2: Applying the Policy to a Record

Command Control policies are applied to records to ensure user commands are controlled when remote sessions are active.

1

Navigate and open a Windows Host or Unix Host record that you wish to apply this policy to. You must be a System Administrator or an Owner on the record to assign or configure Command Controls.

2

Click the Manage dropdown menu and then select the Command Controls option

3

Click the Add button

4

Enter your System Administrator (or another test account) in the Principal field and click Add

5

In the Command Control dropdown menu select the Command Control Policy by name that was created in Stage 1 of this guide.

6

Click the Select button

XTAM Command Control Assign Whitelist Policy

7

The Command Control Policy will appear in the list. If you had another policy, you could repeat this process as many times as needed. When complete, click the Save button to assign the policy to this record.

XTAM Command Control Assign Whitelist Policy Save

Your record now has the Command Control Policy assigned to it.

 

Stage 3: Executing Commands in a Policy Controlled Session

Now that we created the policy and assigned it to both our user and a record, it’s time to Connect to this remote session and see how Command Control actually works.

1

Return back to the record used in Stage 2 and click the Connect button. Command Control is supported in sessions with or without recording enabled.

2

Once successfully connected to your Windows session, you should immediately realize that mouse control is disabled. This is to prevent the user from interfacing with the host outside of our whitelisted command(s). When a session is being controlled using a Command Control Policy, the user will only be able to issue commands using XTAM’s command input field located at the bottom of the session window and the actual session will be used to provide feedback.

XTAM Command Control Input Field

3

To open a command prompt or PowerShell prompt, either enter the following commands or use the following quick launch options.

3a

For Command Prompt, type the command /cmd or select the cmd option from the command menu.

XTAM Command Control CMD Launch

3b

For PowerShell, type the command /powershell or select the ps option from the command menu.

XTAM Command Control PowerShell Launch

4

When the application opens, enter your whitelisted command (iisreset) into the input field and hit the Enter key to execute the command. The command will be sent to command prompt or PowerShell and be executed. The results will display in the application just as if you typed them natively. The command was sent and executed because it was included in our Whitelist policy.

XTAM Command Control iisreset Whitelist execution

5

Commands not included in Whitelist will naturally be forbidden, so let’s now test that. Enter any command besides iisreset into the input field and hit the Enter key. Rather than sending and executing your typed command, the input field clears the command and displays the message Command forbidden by policy.

XTAM Command Control Command Forbidden Message

6

Before disconnecting the session, explore the other options displayed in the Command menu to become familiar with the Quick Launch options.

XTAM Command Control Quick Launch Commands Menu

7

When you are finished, you can disconnect your remote session by either executing the /logout command or select the logout option from the command menu.

XTAM Command Control Logout Launch

 
 

Blacklist Command Policy

In the blacklist scenario, we want to permit a user to login to a production server, but limit their ability to open a remote desktop session to another server (commonly referred to a Server Jumping). For this, we are going to implement a blacklist policy to include the command mstsc and then apply this policy to both this user and the production server. Finally, we will login to this policy controlled remote session to demonstrate how it will work from a user’s perspective.

 

Stage 1: Creating a Command Control Policy

Command Control policies are used to define which command(s) and arguments are to be added to either a whitelist or blacklist.

1

Login to XTAM as a System Administrator and navigate to Administrator > Command Control.

2

Click the Create button

3

Enter a user recognizable name in the Name field (required).

4

Enter a description into the Description field (optional).

5

In the Control Type dropdown menu, select Blacklist

6

Click the Add Command button

7

In the Command field, type the command mstsc

8

Click the Save button.

XTAM Command Control Blacklist Policy

Your Command Control Policy is now created.

 

Stage 2: Applying the Policy to a Record

Command Control policies are applied to records to ensure user commands are controlled when remote sessions are active.

1

Navigate and open a Windows Host or Unix Host record that you wish to apply this policy to. You must be a System Administrator or an Owner on the record to assign or configure Command Controls.

2

Click the Manage dropdown menu and then select the Command Controls option

3

Click the Add button

4

Enter your System Administrator (or another test account) in the Principal field and click Add

5

In the Command Control dropdown menu select the Command Control Policy by name that was created in Stage 1 of this guide.

6

Click the Select button

XTAM Command Control Assign Blacklist Policy

7

The Command Control Policy will appear in the list. If you had another policy, you could repeat this process as many times as needed. When complete, click the Save button to assign the policy to this record.

XTAM Command Control Assign Blacklist Policy Save

Your record now has the Command Control Policy assigned to it.

 

Stage 3: Executing Commands in a Policy Controlled Session

Now that we created the policy and assigned it to both our user and a record, it’s time to Connect to this remote session and see how Command Control actually works.

1

Return back to the record used in Stage 2 and click the Connect button. Command Control is supported in sessions with or without recording enabled.

2

Once successfully connected to your Windows session, you should immediately realize that mouse control is disabled. This is to prevent the user from interfacing with the host outside of our whitelisted command(s). When a session is being controlled using a Command Control Policy, the user will only be able to issue commands using XTAM’s command input field located at the bottom of the session window and the actual session will be used to provide feedback.

XTAM Command Control Input Field

3

To open a command prompt or PowerShell prompt, either enter the following commands or use the following quick launch options.

3a

For Command Prompt, type the command /cmd or select the cmd option from the command menu.

XTAM Command Control CMD Launch

3b

For PowerShell, type the command /powershell or select the ps option from the command menu.

XTAM Command Control PowerShell Launch

4

When the application opens, enter your blacklisted command (mstsc) into the input field and hit the Enter key to execute the command.
Rather than sending and executing your typed mstsc command, the input field clears the command and displays the message Command forbidden by policy. The command was not sent and executed because it was included in our Blacklist policy.

XTAM Command Control Command Forbidden Message

5

Commands not included in Blacklist will naturally be permitted, so let’s now test that. Enter any command besides mstsc into the input field and hit the Enter key. The command will be sent to command prompt or PowerShell and be executed. The results will display in the application just as if you typed them natively. The command was sent and executed because it was not included in our Blacklist policy.

6

Before disconnecting the session, explore the other options displayed in the Command menu to become familiar with the Quick Launch options.

XTAM Command Control Quick Launch Commands Menu

7

When you are finished, you can disconnect your remote session by either executing the /logout command or select the logout option from the command menu.

XTAM Command Control Logout Launch

 
 

Copyright © 2018 Xton Technologies, LLC. All rights reserved.