
RDCMan-plugin Implementation Guide-V2.9 Release

This document provides an overview and instructions for installing and using the Remote Desktop Connection Manager PSM Plugin. The plugin allows users to connect to target systems using credentials from the CyberArk password vault. It provides a streamlined experience for connecting via privileged accounts while isolating credentials. Key steps include downloading and configuring the plugin, selecting accounts, and connecting to targets directly from RDCMan using CyberArk credentials.

Uploaded by

Dương Dương

Remote Desktop Connection Manager PSM Plugin
Implementation Guide 2.9
CYBERARK Implementation Guide

1 Document Properties
  1.1 Document Information
  1.2 Terms
2 Solution Overview
3 Plugin Installation
  3.1 Pre-Requisites
  3.2 Installation Steps
  3.3 First Run of Remote Desktop Connection Manager
4 Application Management
  4.1 The PAM Menu
5 Plugin Usage
  5.1 Connect using a domain account
  5.2 Connect using a local account
  5.3 Dual Control Requests
  5.4 Connect using SecureConnect
6 Secure DLL

www.cyberark.com Page 1 of 13

1 DOCUMENT PROPERTIES

1.1 Document Information

The content of this document is provided for informational use only. This document is presented "as-is"
and material contained in this document, including screen captures, URLs, and other website links
or references, may change. In addition, the actual user experience and success of this tool may hinge
on unique customer environment variables and system settings, such as operating system, network
access, safe and platform design, etc.

1.2 Terms

This tool is provided as a "Community" solution. Please refer to the "CyberArk Marketplace Terms of Use"
for further information.


2 SOLUTION OVERVIEW

The PAMPlugin is a lightweight integration for Remote Desktop Connection Manager (RDCMan)
leveraging the CyberArk Password Vault Web Access (PVWA) REST API. It enables users to create
and manage a list of systems they wish to connect to while at the same time using CyberArk to
isolate and obviate credentials. This allows users to transparently connect to targets via the PAM
solution.


3 PLUGIN INSTALLATION

3.1 Pre-Requisites
▪ Regular access, via your least-privileged account, to log on and authenticate to the PVWA
server, as well as access to view your accounts.
▪ Any version of Windows (tested on Windows 10)
  o .NET Framework deployed (uses v4.7)
▪ Microsoft Remote Desktop Connection Manager (tested with version 2.90.1420.0)
▪ Requires access to the PVWAs on port 443.
▪ Requires access to the Privileged Session Manager (PSM) server on port 3389.
▪ Supports all authentication methods that are supported by the CyberArk PVWA API:
  o CyberArk
  o SAML (Security Assertion Markup Language)
  o LDAP (Lightweight Directory Access Protocol)
  o RADIUS (Remote Authentication Dial-In User Service)
  o PKI (Public Key Infrastructure) and PKI PN (PKI Principal Name)
▪ NOTE: CyberArk recommends using MFA for all authentication as referenced in Security
Fundamentals.

▪ The following policy updates must be made on PSM servers, under
Computer Configuration > Administrative Templates > Windows Components > Remote
Desktop Services > Remote Desktop Session Host > Security:
  o Always prompt for password upon connection: Disabled
  o Require secure RPC communication: Enabled (this should already be enabled as part of hardening)
  o Require use of specific security layer for remote (RDP) connections: Enabled - Set to RDP.
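
The three policy settings listed above can be verified on a PSM server with a short PowerShell audit. This is an added example, not part of the CyberArk guide; the registry value names (fPromptForPassword, fEncryptRPCTraffic, SecurityLayer) do not appear in the guide and are the values these Group Policy settings write under the Terminal Services policy key.

```powershell
# Added example: audit the RDS policy values this guide requires on a PSM server.
# Assumption: the registry value names below do not appear in the guide; they are
# the values these Group Policy settings write under the policy key.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

$Expected = @(
    @{ Policy = 'Always prompt for password upon connection'
       Name   = 'fPromptForPassword'; Want = 0 }      # 0 = Disabled
    @{ Policy = 'Require secure RPC communication'
       Name   = 'fEncryptRPCTraffic'; Want = 1 }      # 1 = Enabled
    @{ Policy = 'Require use of specific security layer for remote (RDP) connections'
       Name   = 'SecurityLayer';      Want = 0 }      # 0 = RDP security layer
)

function Test-PsmRdsPolicy {
    param([string]$Key = $PolicyKey)
    foreach ($item in $Expected) {
        # A missing key or value means the policy is "Not Configured".
        $props  = Get-ItemProperty -Path $Key -Name $item.Name -ErrorAction SilentlyContinue
        $actual = if ($props) { $props.($item.Name) } else { $null }
        [pscustomobject]@{
            Policy    = $item.Policy
            Expected  = $item.Want
            Actual    = if ($null -eq $actual) { 'not configured' } else { $actual }
            Compliant = ($null -ne $actual) -and ($actual -eq $item.Want)
        }
    }
}

$report = Test-PsmRdsPolicy
$report | Format-Table -AutoSize -Wrap
if ($report.Compliant -contains $false) {
    Write-Warning 'One or more RDS policies differ from the values the guide requires.'
}
```

Run it in an elevated session on each PSM server after the GPO has been applied (`gpupdate /force`); a policy left at "Not Configured" is reported as non-compliant.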


3.2 Installation Steps


▪ Download the zip package from the Marketplace.
▪ Extract the zip file into the same directory as Remote Desktop Connection Manager.

Figure 1

3.3 First Run of Remote Desktop Connection Manager


▪ Start RDCMan.exe and click “Next” after startup.
▪ Configure the Plugin General Settings. (See Figure 2)

Figure 2


▪ Once open, enter the following configuration parameters:

  1. PVWA URL
     a. The URL for your PVWA (e.g., https://mypvwa.local/passwordvault)
  2. Authentication Type
     a. This is one of the REST API authentication types and can be:
        i. CyberArk
        ii. LDAP
        iii. Radius
        iv. SAML
        v. PKI or PKIPN
  3. SSL Validation
     a. This enables SSL Validation from the client to the PSM Server
        NOTE: "Yes" is recommended
▪ Click “Auth” and enter logon details in the pop-up. Click “OK” to proceed.
▪ Select which privileged domain accounts you wish to use within RDCMan (See Figure 3). You
will have the following options:
  1. Fetch all available domain accounts.
  2. Fetch my favorites domain accounts.
     a. This will fetch all accounts that are in your favorites list, denoted with a
        star.
  3. Manage domain accounts manually.
     a. Select specific accounts that you wish to fetch and use in RDCMan.


Figure 3

▪ Click “Finish” to proceed. Review the new capabilities and menus available in RDCMan and
click “Start.”


4 APPLICATION MANAGEMENT

4.1 The PAM Menu


The plugin is managed from the “PAM” button in the menu bar. (See Figure 4)

Figure 4

▪ You have the following options:


1. Sign In/Out
▪ Start or terminate the connection to the PVWA.
▪ NOTE: You must sign out of your session to modify session
2. My Accounts
▪ Select which domain accounts are available for use in a privileged session.
3. Settings
▪ Configure the connection to the PVWA.


5 PLUGIN USAGE

Right-click on a target server and navigate to the “Connect server via CyberArk” dropdown menu.
(See Figure 5)

Figure 5

5.1 Connect using a domain account


Select an account from the dropdown menu. You may be prompted to enter a reason for accessing
this target. (See Figure 6)

Figure 6

5.2 Connect using a local account


Select “Using Local Account” from the dropdown menu. You will be prompted to select a local account
that you have access to. The address field of the local account in CyberArk PAM must match the
target server name in RDCMan exactly. (See Figure 7)


Figure 7

5.3 Dual Control Requests


If an account is associated with a platform that has Dual Control applied, the end user will receive a
prompt. This request can then be handled and approved via the PVWA or PSMClients.

Figure 8

The user can review the request status from the PAM Menu at the top of the RDCMan window.

Figure 9


Figure 10

5.4 Connect using SecureConnect


Click on “Connect using SecureConnect” in the dropdown menu to connect using the credentials that
are stored in RDCMan. (See Figure 8)

Figure 11


6 SECURE DLL

To secure the usage of this DLL, CyberArk recommends using EPM to validate the hash of the DLL.
For more information, contact your CyberArk Representative.
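
The hash values that such a validation relies on can be recorded and re-checked locally with PowerShell. This is an added example, not CyberArk's code and not an EPM configuration; the directory and baseline paths are placeholders, and because the guide does not name the plugin DLL, the script covers every DLL in the RDCMan directory.

```powershell
# Added example: baseline and re-check SHA-256 hashes of the DLLs beside RDCMan.exe.
# Assumptions: both paths are placeholders, and because the guide does not name the
# plugin DLL, every DLL in the RDCMan directory is covered.
$RdcManDir = 'C:\Tools\RDCMan'                    # placeholder install directory
$Baseline  = 'C:\Tools\rdcman-dll-baseline.csv'   # placeholder; store it read-only

function Get-DllHash {
    param([string]$Dir)
    Get-ChildItem -Path $Dir -Filter *.dll -File | ForEach-Object {
        [pscustomobject]@{
            Name      = $_.Name
            SHA256    = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            Signature = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
        }
    }
}

function Compare-DllBaseline {
    param([string]$Dir, [string]$BaselinePath)
    $known = @{}
    Import-Csv -Path $BaselinePath | ForEach-Object { $known[$_.Name] = $_.SHA256 }
    $seen = @{}
    foreach ($dll in Get-DllHash -Dir $Dir) {
        $seen[$dll.Name] = $true
        if (-not $known.ContainsKey($dll.Name)) {
            $state = 'NEW'            # DLL added after the baseline was taken
        } elseif ($known[$dll.Name] -ne $dll.SHA256) {
            $state = 'CHANGED'        # same name, different content
        } else {
            $state = 'OK'
        }
        [pscustomobject]@{ Name = $dll.Name; State = $state; SHA256 = $dll.SHA256; Signature = $dll.Signature }
    }
    foreach ($name in $known.Keys) {
        if (-not $seen.ContainsKey($name)) {
            [pscustomobject]@{ Name = $name; State = 'MISSING'; SHA256 = $known[$name]; Signature = $null }
        }
    }
}

# First run writes the baseline; later runs report drift against it.
if (Test-Path -Path $Baseline) {
    Compare-DllBaseline -Dir $RdcManDir -BaselinePath $Baseline | Format-Table -AutoSize
} else {
    Get-DllHash -Dir $RdcManDir | Export-Csv -Path $Baseline -NoTypeInformation
}
```

Take the baseline immediately after extracting the Marketplace package on a known-good workstation, and treat any NEW or CHANGED row as a reason to re-verify the file before RDCMan is started.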
