search cancel

PAM connects to server with RDP, but does not populate password or complete the auto login

book

Article ID: 133404

calendar_today

Updated On:

Products

CA Privileged Access Manager - Cloakware Password Authority (PA) CA Privileged Access Manager (PAM) CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

PAM Admin has RDP Auto Login configured in the Policy, however everytime any user attempts to use this machine, they get stuck at the login page.  



Cause

The customer had the following Microsoft Security Policy enabled:

Interactive logon: Message text for users attempting to log on

This setting give a 'Legal Notice' or 'Warning Message' that they end-user must click 'OK' to proceed.

Environment

Release : 3.3.x, 3.4.x and 4.x

Component : PRIVILEGED ACCESS MANAGEMENT

Resolution

In order for PAM to handle this "Legal Notice" - we need to utilize PAM Device Groups.

When defining the "Device Group" on the "Enable Tab" -> please check the following two boxes:

 

  • Provide Credentials for 'Always Prompt for Password'
  • Handle 'Legal Notice' on Logon Screen

 

Once done, configure an access policy for your affected users or user groups and this device group.

See also PAM online documentation page Configure Login Options for Windows Target Devices.