achinayoung_wau Respected Contributor.
Respected Contributor.
860 views

RDP Session for Domain Administrator

I am trying to create a rule to record RDP connections as the domain administrator. I created a "Domain Administrator" group and added "Administrator" as the sole user:


I then created a command rule:


However, whenever I launch RDP And log in as "<domain>\dministrator", the RDP connection is terminated with:
Your Remote Desktop Services session has ended.

Your network administrator might have ended the connection. Try connecting again, or contact technical support for assistance.


If I change the rule conditions in the command rule from:
IF (user in Domain Administrator AND command in Windows Direct Session)

to:
IF (user in Everyone AND command in Windows Direct Session)

then the command rule works. So, it appears I am doing something wrong in my "Domain Administrator" group.

Any ideas?
0 Likes
2 Replies
Micro Focus Expert
Micro Focus Expert

Re: RDP Session for Domain Administrator

Try changing 'Administrator' to 'ADMINISTRATOR'

For more details on how the request comes into PAM, try the following command:
# tailf /opt/netiq/npum/logs/unifid.log | grep 'cmdctrl request'
... Info, cmdctrl request accepted for '<rdpDirect> tharris2012\ADMINISTRATOR@tharris9.lab.novell.com' from ADMINISTRATOR@tharris9.lab.novell.com as tharris2012\SubmitUser@tharris9.lab.novell.com
0 Likes
achinayoung_wau Respected Contributor.
Respected Contributor.

Re: RDP Session for Domain Administrator

Yep, that was it. Thank you!
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.