Any Windows password stored in a Vault can be used to launch RDP sessions. You can also apply policies to these passwords to restrict which actions are allowed over the connection. This allows you to configure direct remote access to a machine using account information stored in the AuthAnvil Password Server.
RDP sessions are intended to be used for connecting from one machine to another on the same network.
Creating an RDP Password
To set up and use the Remote Desktop tools, complete the following steps:
- Create a new Password in the Vault of your choice, using any of the 3 Windows password types.
- Open the Top Tab, Remote Desktop Connection Policy.
- Check the Enable Remote Desktop Policy checkbox, and select a policy.
- Return to the Vault Page and click the desktop icon to launch the Remote Desktop session.
Note: By default, Remote Desktop Connections are only enabled if you are viewing the Password Vault via an SSL connection. To allow for RDP over insecure (HTTP) connections, open the AAPS web.config file at C:\Program Files\Scorpion Software\AuthAnvil Password Server\AAPS and set the httpsOverride value to 1 instead of 0.
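One way to audit this setting on the server, as an added example that is not part of the original documentation or vendor code. The page does not show the layout of web.config, so the script assumes httpsOverride is stored as an `<add key="httpsOverride" value="..."/>` entry under `appSettings`; the function name `Get-AapsHttpsOverride` and the sample file are constructed for illustration.

```powershell
# Added example, not vendor code. Assumption: httpsOverride is stored as
# <add key="httpsOverride" value="..."/> under <appSettings>.
function Get-AapsHttpsOverride {
    param(
        [string]$ConfigPath = 'C:\Program Files\Scorpion Software\AuthAnvil Password Server\AAPS\web.config'
    )
    if (-not (Test-Path -LiteralPath $ConfigPath -PathType Leaf)) {
        throw "web.config not found: $ConfigPath"
    }
    # Parse as XML so commented-out entries are not mistaken for live ones.
    [xml]$config = Get-Content -LiteralPath $ConfigPath -Raw

    # local-name() keeps the query working if the file declares an XML namespace.
    # -eq compares strings case-insensitively, so any casing of the key matches.
    $xpath  = "//*[local-name()='appSettings']/*[local-name()='add']"
    $values = @($config.SelectNodes($xpath) |
        Where-Object { $_.GetAttribute('key') -eq 'httpsOverride' } |
        ForEach-Object { $_.GetAttribute('value').Trim() })

    $status = if ($values.Count -eq 0) {
        'NotFound'
    } elseif ($values -contains '1') {
        'HttpAllowed'            # RDP launch permitted over plain HTTP
    } elseif (@($values -ne '0').Count -eq 0) {
        'HttpsOnly'              # default: SSL connection required
    } else {
        'Unrecognised'           # value other than the 0/1 the note describes
    }
    [pscustomobject]@{ Path = $ConfigPath; Values = $values; Status = $status }
}

# Constructed sample (not a real AAPS file) so the check can be tried offline.
$sample = Join-Path ([System.IO.Path]::GetTempPath()) 'aaps-sample-web.config'
@'
<configuration>
  <appSettings>
    <!-- <add key="httpsOverride" value="0" /> -->
    <add key="httpsOverride" value="1" />
  </appSettings>
</configuration>
'@ | Set-Content -LiteralPath $sample -Encoding UTF8

$result = Get-AapsHttpsOverride -ConfigPath $sample
if ($result.Status -ne 'HttpsOnly') {
    Write-Warning "httpsOverride status: $($result.Status). Confirm RDP launch still requires HTTPS."
}
$result
Remove-Item -LiteralPath $sample
```

Run against the real file by calling `Get-AapsHttpsOverride` with no arguments on the AAPS server.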
RD Gateway Connections
Prior to AAPS v2.0, the RDP Connector only supported direct RDP connections over the LAN. The target machine had to be directly resolvable from the machine where you were accessing AuthAnvil Password Server. In v2.0 our RDP Connector is RD Gateway aware, meaning it can use an RD Gateway tunnel to connect to remote machines from outside the target network.
To make use of RD Gateway credentials, create or modify a Windows password type and under the Remote Connection Policy tab check the box Use Credentials for RD Gateway. This enables the RD Gateway feature for this password. You now have 2 configuration options:
- Use the username and password from this record as the RD Gateway credential by defining the gateway name
- Use another password record as your RD Gateway credentials by checking the second box, Use a Linked Credential for RD Gateway Access
Note: The RD Gateway is defined in the Server Name field, while the direct machine you are connecting to is specified in the Machine Name of this password record.
If the username and password are the same for your RD Gateway and for the end machine, follow option #1. Otherwise, you will want to create a new Active Directory Windows Password record, using the RD Gateway server as the Machine Name for the password. Open up the password used to connect to the end machine and check the box for using a Linked Credential. Select your RD Gateway password from the selection dropdown by typing the first few letters of your vault / password into the selection box.
Once RD Gateway is properly configured, click on the RDP launch icon and it will connect using the RD Gateway credentials defined (either the current password record or another credential).
If you have external access configured for AAPS through AuthAnvil Single Sign On (or another product), you are able to upload and assign unique images to your RDP links. These images can be used to identify RDP sessions by client or by type of server, so you can easily skim through a lot of RDP icons at a glance. If you do not set an image, AuthAnvil SSO will assign a default icon.
Custom RDP Policies
Through RDP Connection Policies you can limit console access, mounting drives, and even copy/paste functionality within the RDP session that is launched from AAPS. We provide 3 levels of premade policies at High, Medium, and Low security settings. In PWS v2.0 you can now create your own policies to define specific access within the RDP Connector.
To create a new RDP Connection Policy, go to Admin > External Settings and select the RDP Connection Policies tab. Name your policy and check the boxes for your preferred permissions.
These policies will be available in the normal Connection Policy dropdown box.
For more install information please refer to the latest AuthAnvil Password Server install guide located here.
If you have any questions or need some help, we would be happy to assist. Open a case at kaseya.zendesk.com.