PAM does not automatically close/logoff user session when the privileged account is checked-in on PAM side.


Article ID: 267700


Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

Customers using an Auto-Connect PVP (Password View Policy) with RDP-enabled accounts find that when the account is checked in on the PAM side, the active RDP session is not closed. The user keeps a working session on the target after PAM considers the credential returned, which is a problem from a control and audit perspective.

There is an existing enhancement request on this topic:

https://community.broadcom.com/participate/ideation-home/viewidea?IdeationKey=ef29c3cf-ef01-4165-95f2-9d88d100a236

Environment

Affects any PAM release as of October 2023

Cause

By design, PAM does not forcibly terminate an active connection when the check-in job runs.

Resolution

To avoid this problem, we recommend using the password view policy (PVP) option Exclusive Check-out On Auto Connect; see the documentation page Create a Basic Password View Policy.

With exclusive check-out enabled no other user can establish a connection using the same target account, and the target account will be checked in only when all connections are closed.

Additional Information

Note that prior to 4.1.3 there was a potential problem creating a PVP that combined exclusive checkout with dual authorization; see the following item on the documentation page Resolved Issues in 4.1.3:

33398895 (DE565158): Exclusive checkout not working with dual authorization.