Anonymous_User Absent Member.
Absent Member.
545 views

c/pcksh equialent for RDP?


Hello.

For a lot of servers we want to allow sessions both via relay and
directly, but still have the monitoring of the session available.
To achieve this, we use c/pcksh on Linux servers. Is there an equivalent
to this for RDP?

To clarify, what I want to achieve:
- Login to RDP Relay -> connect to target host -> Have a rule applied
that records the session
- Connect to target host via RDP -> Have a rule applied that records the
session

For the first case I have the following Pseudocode:

Begin Rule: vmtestwin7
If ((commain IN RDP Session))
Then
Set Authorize: yes
Set Session Capture: yes
Set runUser = "vmtestwin7\testUser"
Stop if authorized
End If
End Rule: vmtestwin7

I would now like to have this for direct connections, too.

Is this possible?


--
blindcoder
------------------------------------------------------------------------
blindcoder's Profile: https://forums.netiq.com/member.php?userid=5313
View this thread: https://forums.netiq.com/showthread.php?t=49497

0 Likes
3 Replies
Anonymous_User Absent Member.
Absent Member.

Re: c/pcksh equialent for RDP?

I think what you're asking essentially boils down to, "Is there a way to
use PUM to audit a system without going through PUM." There are certainly
other ways to audit microsoft windows but I do not think that the built-in
monitoring gives you the same granularity as going through PUM for the RDP
relay (for those other ways look at the Sentinel or Log Manager products,
or the old Security manager product, from NetIQ).

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: c/pcksh equialent for RDP?


Yes, that's what I was looking for. I was hoping that, as it is possible
for Linux systems, it would be possible for Windows, too.

Thanks for the answer!


--
blindcoder
------------------------------------------------------------------------
blindcoder's Profile: https://forums.netiq.com/member.php?userid=5313
View this thread: https://forums.netiq.com/showthread.php?t=49497

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: c/pcksh equialent for RDP?

Check out this (PUM Run) in case it meets your needs:

https://www.netiq.com/documentation/privilegedusermanager23/npum_admin/data/bzmp2jy.html

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.