CA PAM 3.4 has been deployed, but during testing it was highlighted that both CredSSP, as specified in:
as well as the Protected AD Groups feature, as outlined in:
However, CredSSP is a required feature of the environment to be deployed, especially with respect to RDP to Windows 2019 servers.
Is there any way to have both features work in PAM while waiting for support for both in the RDP applet coming with the product ?
PRIVILEGED ACCESS MANAGEMENT, version 3.4.X
The solution is to use an RDP Proxy service launched directly from the client or from the CA Agent to connect to the remote machine configured with CredSSP and/or Protected Groups.
The main difference between this scenario and the "native" CA PAM RDP connection is that using the RDP Proxy or the CA Agent, no CA PAM applet is launched: the appliance provides tunneling for connection between the local computer and the remote machine, thus eliminating the need for support of these features in the CA PAM RDP Applet.