PAM connects to server with RDP, but does not populate password or complete the auto login

Article ID: 133404

Products

CA Privileged Access Manager - Cloakware Password Authority (PA); CA Privileged Access Manager (PAM); CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

The PAM admin has RDP Auto Login configured in the policy; however, every time any user attempts to use this machine, they get stuck at the login page.



Environment

Release : 3.3.x, 3.4.x and 4.x

Component : PRIVILEGED ACCESS MANAGEMENT

Cause

The customer had the following Microsoft Security Policy enabled:

Interactive logon: Message text for users attempting to log on

This setting displays a 'Legal Notice' or 'Warning Message' on which the end user must click 'OK' to proceed.
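To confirm on the Windows target whether this logon message is actually configured, the check below reads the two registry locations Windows uses for it. This is an added diagnostic example, not part of the original article or of PAM; the function name `Get-LegalNoticeState` is hypothetical, and the registry paths are the standard Windows ones rather than values taken from this page.

```powershell
# Added diagnostic example; run in PowerShell on the Windows target device.
# Assumption: the logon message is stored in the standard Windows locations
# below (policy key first, legacy Winlogon key second).
$locations = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
)

function Get-LegalNoticeState {
    param([string[]]$Path)
    foreach ($p in $Path) {
        # A missing key or value yields $null, which is handled below.
        $props = Get-ItemProperty -Path $p -ErrorAction SilentlyContinue
        # Values can be absent, empty, or multi-line; normalise to one trimmed string.
        $caption = (@($props.LegalNoticeCaption) -join "`n").Trim()
        $text    = (@($props.LegalNoticeText)    -join "`n").Trim()
        [pscustomobject]@{
            Path       = $p
            CaptionSet = [bool]$caption
            TextSet    = [bool]$text
            TextLength = $text.Length   # length only; the notice text itself is not printed
        }
    }
}

$state = Get-LegalNoticeState -Path $locations
$state | Format-Table -AutoSize

if ($state | Where-Object { $_.CaptionSet -or $_.TextSet }) {
    'Logon message is configured: expect a legal notice during RDP logon.'
} else {
    'No logon message configured in either location.'
}
```

If the message comes from a domain Group Policy, clearing the registry value locally will not persist; the check only tells you whether the notice explains the stalled auto login.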

Resolution

For PAM to handle this "Legal Notice", use PAM Device Groups.

When defining the Device Group, check the following two boxes on the "Enable" tab:

  • Provide Credentials for 'Always Prompt for Password'
  • Handle 'Legal Notice' on Logon Screen

Once done, configure an access policy for your affected users or user groups and this device group.

See also the PAM online documentation page "Configure Login Options for Windows Target Devices".

Additional Information

Update and Clarification from November 2022:

The original "Handle 'Legal Notice' on Logon Screen" feature in PAM was implemented for old Windows releases that are no longer supported.

Recent releases present the interactive logon message text AFTER credentials are provided. This case is NOT covered by the PAM device group configuration mentioned above. PAM Engineering determined that the current form of the message/legal notice should not be auto-acknowledged by PAM. The user should read and acknowledge it. If an RDP session is launched but then left unused for a while without the legal notice having been acknowledged, the session will close automatically after a couple of minutes. There was a bug in PAM 4.0.2 where such a session did not close properly and could hang the whole PAM client session if the user tried to use it later on. That problem is fixed in 4.0.3+ and 4.1.1+.