For a lot of servers we want to allow sessions both via relay and directly, but still have the monitoring of the session available. To achieve this, we use c/pcksh on Linux servers. Is there an equivalent to this for RDP?
To clarify, what I want to achieve:
- Login to RDP Relay -> connect to target host -> Have a rule applied that records the session
- Connect to target host via RDP -> Have a rule applied that records the session
For the first case I have the following pseudocode:

    Begin Rule: vmtestwin7
      If ((commain IN RDP Session)) Then
        Set Authorize: yes
        Set Session Capture: yes
        Set runUser = "vmtestwin7\testUser"
        Stop if authorized
      End If
    End Rule: vmtestwin7
I would now like to have this for direct connections, too.
I think what you're asking essentially boils down to, "Is there a way to use PUM to audit a system without going through PUM?" There are certainly other ways to audit Microsoft Windows, but I do not think that the built-in monitoring gives you the same granularity as going through PUM for the RDP relay (for those other ways, look at the Sentinel or Log Manager products, or the old Security Manager product, from NetIQ).
-- Good luck.