Connect using RDP

Connect to target devices directly from your desktop using any standard RDP client application, such as MSTSC or Connection Manager, to benefit from a native user experience.

To connect using a smart card, the following requirements must be met:

  • Smart card drivers must be installed on the PSM machine
  • The smart card must include a valid certificate
  • The Vault must be configured with LDAP integration

There are two ways to connect using RDP:

  • Create an RDP file for each account you want to access, and then double-click the file to connect.

    If you have multiple accounts that you access regularly, we recommend that you create an RDP file for each, after which you will be able to connect to all of your accounts without additional configuration. For details, see Create an RDP file.

  • Connect using any standard RDP client.

    Configure the RDP client whenever you want to access the target account. For details, see Connect using a standard RDP client.

    You can also see Connect using MSTSC or Connect using Connection Manager if you are using one of these specific clients.

In either case, you can connect without providing connection details in advance, as described in Connect using RDP without providing details in advance.

Create an RDP file

There are two ways to create an RDP file:

  • Manually, as described in the procedure below.
  • Save it from the RDP client UI. You can make the configurations in the UI and then save them as a file. For details, see Connect using a standard RDP client.

Perform the following procedure for each target account.

To create an RDP file manually:

  1. Create an RDP file in the following format:

  2. Configure the following RDP settings:

    Example 1: Windows server on RDP protocol

    To connect to a Windows server with the address of 10.10.2.145, with the user admin and with the RDP protocol, use the following configuration in the Start Program setting:

    psm /u admin /a 10.10.2.145 /c PSM-RDP

    Example 2: Windows server with domain user and RDP Protocol

    To connect to a Windows server with the address of 10.10.2.145, which belongs to the domain mycompany.com, with the domain user domainadmin and with the RDP protocol, use the following configuration in the Start Program setting:

    psm /u domainadmin@mycompany.com /a 10.10.2.145 /c PSM-RDP

    To allow the connection, a domain account with the address of mycompany.com and the username domainadmin must pre-exist in Privilege Cloud.

    Example 3: Unix server with the SSH protocol

    To connect to a Unix server with the address of 10.10.2.145, with the user root and with the SSH protocol, use the following configuration in the Start Program setting:

    psm /u root /a 10.10.2.145 /c PSM-SSH

    Example 4: Unix server with the WinSCP client

    To connect to a Unix server with the address of 10.10.2.145, with the user root and with the WinSCP client, use the following configuration in the Start Program setting:

    psm /u root /a 10.10.2.145 /c PSM-WinSCP

  3. To connect using a smart card, add redirectsmartcards:i:1 to the RDP file.
  4. To connect to the target account, double-click the file.

Connect using a standard RDP client

If you are using a standard RDP client (one that is neither MSTSC nor Connection Manager), you can configure a single RDP file that includes the target machine details in advance and connects through Privilege Cloud.

To connect using RDP without configuring the details in advance, see Connect using RDP without providing details in advance.

To connect using RDP (configure details in advance):

Configure the settings of the RDP client as described in RDP settings.

Connect using MSTSC

This procedure describes how to connect to a target device, through Privilege Cloud, specifically using MSTSC.

To connect using MSTSC:

  1. Open the MSTSC client.

    You can also execute MSTSC through the command line using: MSTSC /v:<PSM server address>

  2. In the Computer field, enter the address of the PSM server through which you will establish the connection. The PSM address can be entered either as a DNS name, or as an IP address in IPv4 format.

    In an environment with load-balanced PSMs, specify the address of the PSM load balancer.

  3. Expand Show Options, and do the following:

    1. In the User name field, enter your Privilege Cloud user name.

      If you do not configure your username, you will be prompted for it when the connection is made. You will also be prompted for your password.

    2. Click the Programs tab, and select Start the following program on connection.
    3. In the Program path and file name field, enter the connection details to PSM. For details, see RDP settings.
    4. If you are using smart card authentication, click the Local Resources tab, and select Smart cards.
  4. Click Connect.

Connect using Connection Manager

This section describes how to connect to a target device, through Privilege Cloud, specifically using Connection Manager, by configuring the Connection Manager with the target machine details in advance.

To connect using RDP without configuring the details in advance, see Connect using RDP without providing details in advance.

To connect using Connection Manager (configure details in advance):

  1. Open Connection Manager application on your desktop and create an entry for the target device.

    Give each entry a meaningful name to indicate the target device details.

  2. Set the Remote machine address to the address of the PSM server through which you want to establish your connection.

    The PSM address can be entered either as a DNS name, or as an IP address in IPv4 format.

    In an environment with load balanced PSMs, specify the address of the PSM load balancer.

  3. To connect using a smart card, enable smart card redirection in the Connection Manager settings.
  4. Enter your Privilege Cloud credentials.

    If you do not configure the log on credentials, you will be prompted for them when the connection is made.

  5. Configure the RDP settings, as described in RDP settings.

Connect using RDP without providing details in advance

You can connect using any standard RDP client or an RDP file without providing details about your target machine in advance.

To connect using an RDP file, a standard RDP client, or Connection Manager (without providing details in advance):

  • To use this option with NLA, you must use a username that contains the login pattern configured by your Administrator under the PSMLoginPattern parameter. For details, see PSM basic parameters file.
  • When connecting with PKI authentication in NLA, authentication is performed with the smart card certificate, but you still must include the login pattern in the username field to support this capability.
  1. Configure the following settings:

    • full address (RDP parameter type: s)

      The address of the PSM server through which you want to establish your connection.

      The PSM address can be entered either as a DNS name, or as an IP address in IPv4 format.

      In an environment with load-balanced PSMs, specify the address of the PSM load balancer.

    • alternate shell (RDP parameter type: s)

      Enter only the PSM parameter ("psm "). There must be a space after psm.

    • username (RDP parameter type: s)

      Enter your CyberArk or LDAP user name, according to the authentication process required in your environment.

      If you do not configure your user name, you will be prompted for it when the connection is made. You will also be prompted for your password.

      Note: We do not recommend saving your password.

    Example:

  2. To connect using a smart card, add redirectsmartcards:i:1 to the RDP file.
  3. When you connect to the target, after you enter your authentication details, you are prompted for your connection details.

To configure MSTSC to connect to the target machine without using the Programs tab (without providing details in advance):

You cannot use this option if NLA is enabled in your environment.

  1. Open MSTSC.

    You can also execute MSTSC through the command line using:

    MSTSC /v:<PSM server address>

  2. In the Remote Desktop Connection window, in the Computer field, enter the address of the PSM server through which you will establish the connection.

    The server address can be entered either as a DNS name, or as an IP address in IPv4 format.

    In an environment with load-balanced PSMs, specify the address of the PSM load balancer.

  3. Open Show Options, and in the User name field, enter "psm " followed by your Privilege Cloud or LDAP user name, according to the authentication process required in your environment.

    If you do not configure your user name, you will be prompted for the user name and password when the connection is made.

    • We do not recommend saving your password locally.
    • There must be a space after psm.
  4. If you are using smart card authentication, click the Local Resources tab, and select Smart cards.

  5. When you connect to the target, after you enter your authentication details, you are prompted for your connection details.

RDP settings

The following settings are relevant for all types of RDP connections.

  • full address

    The address of the PSM server.

    Get this information from your admin.

  • alternate shell

    psm /u target-user /a target-address /c connection-component

    • target-user: The name of the user used to log on to the target device.

      When using a domain account, use the following format:

      username@domain-name

      When using a shared account to connect to a vCenter machine, use the following format:

      username@vCenter-address

    • target-address: The address of the target system, as defined in the account's address setting.

      Use one of the following formats:

      • IPv4 – For example, 1.1.1.1
      • IPv6 – For example, 1000:1000:1000:1000:1000:1000:1000:0055
      • DNS – For example, 'myhost'

    • connection-component: The type of the connection that will be established with the target device.

      Get this information from your admin.

  • username

    Enter your CyberArk or LDAP user name, according to the authentication process required in your environment. If you do not configure your user name, you will be prompted for it when the connection is made. You will also be prompted for your password.

    Note: We do not recommend saving your password.
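The RDP file assembled in Create an RDP file and the alternate shell parameters described under RDP settings, as an added Python example that is not part of the CyberArk documentation or tooling: it builds the .rdp text for a target account (including the bare "psm " form used when connection details are supplied at connection time) and checks an existing file against the rules on this page (PSM address present, space after psm, no saved password). The PSM host psm.example.internal and the user jdoe are constructed placeholders.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class PsmTarget:
    user: str                      # user that logs on to the target, e.g. "admin"
    address: str                   # target address as defined in the account
    component: str                 # connection component, e.g. "PSM-RDP"
    domain: Optional[str] = None   # set for domain accounts -> user@domain-name

def alternate_shell(target: Optional[PsmTarget]) -> str:
    """Value for 'alternate shell'. None means details are provided at
    connection time, which requires exactly "psm " (trailing space)."""
    if target is None:
        return "psm "
    user = f"{target.user}@{target.domain}" if target.domain else target.user
    return f"psm /u {user} /a {target.address} /c {target.component}"

def build_rdp(psm_address: str, username: str,
              target: Optional[PsmTarget] = None, smart_card: bool = False) -> str:
    """Assemble the .rdp file text. No password line is written: the client
    prompts for it, which is what the documentation recommends."""
    lines = [
        f"full address:s:{psm_address}",      # the PSM server, not the target
        f"alternate shell:s:{alternate_shell(target)}",
        f"username:s:{username}",             # your Privilege Cloud / LDAP user
    ]
    if smart_card:
        lines.append("redirectsmartcards:i:1")
    return "\n".join(lines) + "\n"

def check_rdp(text: str) -> list:
    """Return a list of problems found in an .rdp file; empty means it passes."""
    settings = {}
    for line in text.splitlines():
        if line.count(":") >= 2:            # .rdp lines are name:type:value
            name, _type, value = line.split(":", 2)
            settings[name] = value
    problems = []
    if "full address" not in settings:
        problems.append("full address (PSM server) is missing")
    if not settings.get("alternate shell", "").startswith("psm "):
        problems.append('alternate shell must start with "psm " (space after psm)')
    if "password 51" in settings:            # MSTSC stores a saved password here
        problems.append("saved password present; remove it and let the client prompt")
    return problems
```

For example, build_rdp("psm.example.internal", "jdoe", PsmTarget("domainadmin", "10.10.2.145", "PSM-RDP", "mycompany.com")) produces the Example 2 command as the alternate shell line.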