Remote Apps Getting Started Guide

PAM Privileged Remote Application Launcher using Windows RDS.

This guide is designed for System Administrators to learn about PAM Remote App Launchers and to create a secure login to MS SQL Server Management Studio.

Before you begin this guide, ensure you have the following pre-requisites:

1. Fully implemented, configured and working Windows Remote Desktop Services Host with Published RemoteApp functionality enabled. You will need access to the host to install our PAM Auto Shell program and to make it a Published RemoteApp Program.
2. Both the Drives and Clipboard options must be enabled in the RDS Collection’s Client Settings configuration (shown in the screenshot below).



3. Updated instance of Privileged Access Manager with a System Administrator login.

4. MS SQL Server Management Studio installed on this host in the location:

   Copy

   C:\Program Files (x86)\Microsoft SQL Server\140\Tools\Binn\ManagementStudio\Ssms.exe

5. Valid connection credentials for a MS SQL database connection (Server name, Login and Password).

Topic guide

With the pre-requisites out of the way, this guide will cover the following topics:

1. Deploying and publishing the PAM Auto Shell program

2. Configuring the PAM Remote Apps record types

3. Creating your PAM Remote App Host record

4. Creating your PAM Remote App Launcher record

5. Testing your Remote App connection

1: Deploying and publishing

Step 1. Deploying and publishing the Auto Shell program on your Windows Remote Desktop Services Host.

1. Copy the PAM Auto Shell program from your PAM host server to your Windows Remote Desktop Services host. The program is located at:
Copy

1
{PAM_HOME}\pkg\pam-app-launcher.zip

2. Login to your Windows Remote Desktop Services host.

3. On your Windows Remote Desktop Services host, extract our pam-app-launcher.zip to C:\app. The full program path should be:

   Copy

   1
   c:\app\XtAutoShell\XtAutoShell.exe

4. Publish XtAutoShell.exe as a new RemoteApp Program with the exact program name and alias XtAutoShell.

   

5. Ensure User Assignment is properly configured for the published XtAutoShell RemoteApp. To modify User Assignment, right click on XtAutoShell and choose Edit Properties.

   

6. Enable Remote Desktop to this host and enable permissions for the user account that you intend to define in your PAM record.

2. Configuring Remote Apps record

Step 2. Configuring the Remote Apps record types.

1. Login to the System as a System Administrator.
2. Navigate to Administration > Record Types.
3. Locate the Record Type Remote App Host and click its Edit button.
4. Uncheck the option Hidden and then click Save.
5. Return to the Record Types page and repeat this process for the Record Type MS SQL Studio.

3. Creating Remote App Host record

Step 3. Creating your Remote App Host record.

This record will create the secure, remote connection to your Windows Remote Desktop Services server host.

1. Navigate to Records > All Records and (optionally) create a new folder.
2. Create a new Record using the type Remote App Host.
3. Enter a Name and Description.
4. Populate the following connection and configuration values:

   • Host: Enter the host name for the remote desktop connection to your Windows Remote Desktop Services server.

   • Port: Enter the port number for the remote desktop connection to your Windows Remote Desktop Services server.

   • User: Enter the user account that will establish the remote desktop connection and launch the published PAM Auto Shell program.

   • Password: Enter the password for this user account.

   • Filter: Enter the value MS SQL Studio. This defines which remote applications can be launched with the Remote App Host record. Empty value will permit any applications to be used.

   • Remote App Platform: Select Windows RDS from the dropdown menu.

   • Enabled: Check this box to enable this host for connection.

5. Click Save and Return.

4. Creating Remote App Launcher record

Step 4. Creating your Remote App Launcher record.

This record will be used by the System users to securely launch your MS SQL Server Management Studio remote application.

1. Create a new Record using the type MS SQL Studio.
2. Enter a Name and Description.
3. Populate the following connection and configuration values:

   • Host: Enter the server name for your MS SQL Database connection.

   • User: Enter the user account for your MS SQL Database connection.

   • Password: Enter the password for this user account.

4. Click Save and Return.

5. Testing your connection

Step 5. Testing your Remote App connection.

1. Open the MS SQL Studio record that was created in the previous step.
2. Select the Connect and Record option to establish the connection with session recording enabled.
3. A new session will open. It will first establish a secure connection to your Remote App Host server and then it will launch the PAM Auto Shell script. Now, the PAM Auto Shell program will launch MS SQL Server Management Studio, populate the Server name, User and Password parameters automatically and open the database connection. Once the connection is made, keyboard and mouse controls will be returned to you.
4. Navigate through your MS SQL database and execute a few test SQL commands. Once satisfied, you may exit MS SQL Server Management Studio and then disconnect the secure remote session by closing this browser tab or window.
5. At this point, you may review the video and keystroke recordings by opening the Sessions tab for this record.

This completes the PAM Remote App Launcher walk through.

For additional remote app topics and how-to guides, return to the Remote App Launcher main page and use the topics listed at the bottom to navigate the available articles.

˂ Return to PAM Remote App Launcher