The PAM administrator has RDP Auto Login configured in the policy; however, every time any user attempts to use this machine, they get stuck at the login page.
Release : 3.3.x, 3.4.x and 4.x
Component : PRIVILEGED ACCESS MANAGEMENT
The customer had the following Microsoft Security Policy enabled:
Interactive logon: Message text for users attempting to log on
This setting gives a 'Legal Notice' or 'Warning Message' on which the end user must click 'OK' to proceed.
For PAM to handle this "Legal Notice", we need to use PAM Device Groups.
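To confirm that a target device actually has this policy set, the following added example (not part of the original article and not PAM code) reads the registry values that back the policy. The function name `Get-LogonLegalNotice` is hypothetical, and the script assumes it is run locally on the Windows target by an account that can read HKLM.

```powershell
# Added example: report whether the "Interactive logon: Message title/text for
# users attempting to log on" policy is configured on this Windows device.
function Get-LogonLegalNotice {
    [CmdletBinding()]
    param()

    # The policy is stored as LegalNoticeCaption / LegalNoticeText.
    # Policies\System is written by the security policy; Winlogon is the legacy location.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System',
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    )

    foreach ($key in $keys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }   # key missing or not readable

        # LegalNoticeText can be a string or a multi-string; flatten it before testing.
        $caption = [string]$props.LegalNoticeCaption
        $text    = @($props.LegalNoticeText) -join "`n"

        $hasCaption = -not [string]::IsNullOrWhiteSpace($caption)
        $hasText    = -not [string]::IsNullOrWhiteSpace($text)

        [pscustomobject]@{
            ComputerName     = $env:COMPUTERNAME
            RegistryKey      = $key
            Caption          = $caption.Trim()
            TextLength       = $text.Trim().Length
            NoticeConfigured = ($hasCaption -or $hasText)
        }
    }
}

Get-LogonLegalNotice | Format-Table -AutoSize
```

A row with `NoticeConfigured` set to `True` means the device presents a logon message that can interrupt RDP Auto Login as described here.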
When defining the "Device Group" on the "Enable Tab" -> please check the following two boxes:
Once done, configure an access policy for your affected users or user groups and this device group.
See also the PAM online documentation page "Configure Login Options for Windows Target Devices".
Update and Clarification from November 2022:
The original "Handle 'Legal Notice' on Logon Screen" feature in PAM was implemented for old Windows releases that are no longer supported.
Recent releases present the interactive logon message text AFTER credentials are provided. This case is NOT covered by the PAM device group configuration mentioned above. PAM Engineering determined that the current form of the message/legal notice should not be auto-acknowledged by PAM; the user should read and acknowledge it. If an RDP session is launched but then left unused for a while without the legal notice having been acknowledged, the session will close automatically after a couple of minutes. There was a bug in PAM 4.0.2 where such a session did not close properly and could hang the whole PAM client session if the user attempted to use it later on. That problem is fixed in 4.0.3+ and 4.1.1+.