Remote Apps with TSPlus

This guide is designed for System Administrators to learn about PAM Remote App Launchers using TSplus and to create a secure, high trust login to MS SQL Server Management Studio . Before you begin this guide, ensure you have the following pre-requisites:

1. Fully implemented, configured and working TSplus host. You will need access to the host to install our PAM Auto Shell program and to publish this application.
2. Updated instance of Privileged Access Management with a System Administrator login.
3. MS SQL Server Management Studio installed on this TSplus host in the location:
Copy

1
C:\Program Files (x86)\Microsoft SQL Server\140\Tools\Binn\ManagementStudio\Ssms.exe

4. Valid connection credentials for a MS SQL database connection (Server name, Login and Password).

Guide topics:

With the pre-requisites out of the way, this guide will cover the following topics:

1. Deploying and publishing the Auto Shell program

2. Configuring the Remote Apps record types

3. Creating your Remote App Host record

4. Creating your Remote App Launcher record

5. Testing your Remote App connection

Deploying and publishing

Step 1: Deploying and publishing the Auto Shell program on your TSplus Host

1. Copy the PAM Auto Shell program from your PAM host server to your TSplus host. The program is located at:
Copy

1
$PAM_HOME\pkg\pam-app-launcher.zip

 

2. Login to your TSplus host.

3. On your TSplus host, extract our pam-app-launcher.zip to C:\app. The full program path should be:

   Copy

   1
   c:\app\XtAutoShell\XtAutoShell.exe

   and an Include directory and PamRemoteApp.jar file will also be in this location.

4. In the TSplus Admin Tool, navigate to Applications > Application Publishing and add a new application for the XtAutoShell application using the following configuration:

   

   Copy

   1
   2
   3
   4
   5
   6
   Display Name:  XtAutoShell
   Path/Filename:  C:\app\XtAutoShell\XtAutoShell.exe
   Start Directory:  C:\app\XtAutoShell
   Command Line Option: /wait
   
   Assign this application to All Users:  Enabled/checked

    

5. Enable standard Remote Desktop access to this host server and enable permissions for the user account that you intend to define in your PAM Remote App Host record.

Configuring Remote Apps record

Step 2. Configuring the Remote Apps record types.

1. Login to PAM as a System Administrator.
2. Navigate to Administration > Record Types.
3. Locate the Record Type Remote App Host and click its Edit button.
4. Uncheck the option Hidden and then click Save.
5. Return to the Record Types page and repeat this process for the Record Type MS SQL Studio.

3. Remote App Host record

Step 3. Creating your Remote App Host record.

This record will create the secure, remote connection to your TSplus server host.

1. Navigate to Records > All Records and (optionally) create a new folder.
2. Create a new Record using the type Remote App Host.
3. Enter a Name and Description.
4. Populate the following connection and configuration values:

   • Host: Enter the host name for the remote desktop connection to your Windows Remote Desktop Services server.

   • Port: Enter the port number for the remote desktop connection to your Windows Remote Desktop Services server.

   • User: Enter the user account that will establish the remote desktop connection and launch the published PAM Auto Shell program.

   • Password: Enter the password for this user account.

   • Filter: Enter the value MS SQL Studio. This defines which remote applications can be launched with the Remote App Host record. Empty value will permit any applications to be used.

   • Remote App Platform: Select TSplus from the dropdown menu.

   • Enabled: Check this box to enable this host for connection.

5. Click Save and Return.

4. Remote App Launcher record

Step 4. Creating your Remote App Launcher record.

This record will be used by the PAM users to securely launch your MS SQL Server Management Studio remote application.

 

1. Create a new Record using the type MS SQL Studio.
2. Enter a Name and Description.
3. Populate the following connection and configuration values:

   • Host: Enter the server name for your MS SQL Database connection.

   • User: Enter the user account for your MS SQL Database connection.

   • Password: Enter the password for this user account.

4. Click Save and Return.

5. Testing your connection

Step 5. Testing your Remote App connection.

1. Open the MS SQL Studio record that was created in the previous step.
2. Select the Connect and Record option to establish the connection with session recording enabled.
3. A new session will open. It will first establish a secure connection to your Remote App Host server and then it will launch the PAM Auto Shell script. Now, the PAM Auto Shell program will launch MS SQL Server Management Studio, populate the Server name, User and Password parameters automatically and open the database connection. Once the connection is made, keyboard and mouse controls will be returned to you.
4. Navigate through your MS SQL database and execute a few test SQL commands. Once satisfied, you may exit MS SQL Server Management Studio and then disconnect the secure remote session by closing this browser tab or window.
5. At this point, you may review the video and keystroke recordings by opening the Sessions tab for this record.

This completes the PAM Remote App Launcher using TSplus walkthrough.

For additional remote app topics and how-to guides, return to the Remote App Launcher main page and use the topics listed at the bottom to navigate the available articles.

 

˂ Return to PAM Remote App Launcher