How to publish a remote access to a given URL as an application in PAM
search cancel

How to publish a remote access to a given URL as an application in PAM

book

Article ID: 106742

calendar_today

Updated On:

Products

CA Privileged Access Manager - Cloakware Password Authority (PA) CA Privileged Access Manager (PAM)

Issue/Introduction

Terminal services allows publishing different applications, which an subsequently be accessed by using RDPWeb, and also as RDP applications in PAM. 

In Terminal Services, each new RDP application can be defined with specific command line arguments, so for instance, it would be possible to publish internet explorer (C:\Program Files\iexplorer.exe) and specify as its argument the URL that we would like ot access (for instance https://aap1.example.com).

As a result it i possible to publish different URL in a remote Windows server as different applications. The different URL must be specified as command line arguments.

However, CA PAM does not have the same format for defining a remote RDP service to be published: there is only room for the path to the remote application and no explicit reference to its arguments.

This means that PAM expects to launch exactly what is defined in its application definition. For instance, let's imagine we want to launch

https://myapp.example.com

using Internet explorer

  • In Terminal services we would create a collection and we would publish  C:\Program Files (x86)\Internet Explorer\iexplore.exe with a command line argument of https://myapp.example.com
  • In CA PAM we would create a RDP service specifying as path: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" https://myapp.example.com

However, trying to use the newly created RDP service would result in a "Permission denied" error and nothing would be run

 



Environment

CA PAM all versions

Resolution

There is a workaround to achieve this:

1. In the server we want to publish the access to the remote URL application,  define a collection with the following options
  • Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
  • Command line arguments: Accept any parameter

2. In PAM define applications you want to use as having the following path
     " C:\Program Files (x86)\Internet Explorer\iexplore.exe" https://myapp.mydomain.com