Your Remote Desktop Services session has ended.
Your network administrator might have ended the connection. Try connecting again, or contact technical support for assistance.
Tue Apr 17 11:16:48 2018, 39, 1227773696, 13775, Info, cmdctrl request denied for '<rdpDirect> V3TSW00421\ADMINISTRATOR@v3tsw00421' from ADMINISTRATOR@v3tsw00421
The typical use case for 'Windows Direct Session' (Direct-RDP), is to allow with the Submit User credentials.
In other words, if the user has access directly in Windows/AD, then allow the session and begin auditing.
To configure this:
1. Add a 'SubmitUser' credential to the v3tsw00421 Windows Account Domain. Note: there is no space between the username. Also, in an upcoming release we are eliminating this pre-requisite step.
2. Change the cmdctrl rule to use this new 'SubmitUser' credential (i.e. v3tsw00421\SubmitUser) for Credential and Run User
3. Then try to access via direct-rdp with a user that is in the Domain Administrator group (as per the configured Rule Conditions)
Your previous rule would work well for RDP-Relay with a couple details changed:
1. Change Rule Conditions from 'Windows Direct Session' to 'RDP Session'
2. Configure the 'Run Hosts' to a specific server (agent name) or a host group that lists them.
Note: This rule would grant privileged access to the Administrator account for users through the MyAccess Console via RDP-Relay.