How to publish a remote access to a given URL as an application in PAM
Document ID :
Last Modified Date :
Show Technical Document Details
CA Privileged Access Management
PRIVILEGED ACCESS MANAGEMENT:CAPAMX
Terminal services allows publishing different applications, which an subsequently be accessed by using RDPWeb, and also as RDP applications in PAM.
In Terminal Services, each new RDP application can be defined with specific command line arguments, so for instance, it would be possible to publish internet explorer (C:\Program Files\iexplorer.exe) and specify as its argument the URL that we would like ot access (for instance https://aap1.mydomain.com).
As a result it i possible to publish different URL in a remote Windows server as different applications. The different URL must be specified as command line arguments.
However, CA PAM does not have the same format for defining a remote RDP service to be published: there is only room for the path to the remote application and no explicit reference to its arguments.
This means that PAM expects to launch exactly what is defined in its application definition. For instance, let's imagine we want to launch
using Internet explorer
In Terminal services we would create a collection and we would publish C:\Program Files (x86)\Internet Explorer\iexplore.exe with a command line argument of https://myapp.mydomain.com
In CA PAM we would create a RDP service specifying as path: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" https://myapp.mydomain.com
However, trying to use the newly created RDP service would result in a "Permission denied" error and nothing would be run
CA PAM all versions
There is a workaround to achieve this:
1. In the server we want to publish the access to the remote URL application, define a collection with the following options
Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Command line arguments: Accept any parameter
2. In PAM define applications you want to use as having the following path
" C:\Program Files (x86)\Internet Explorer\iexplore.exe" https://myapp.mydomain.com
Was this information helpful?