Use Case
Enable up to 2 concurrent RDP sessions on Windows RDP for Saviynt Cloud Privileged Access Management (CPAM) to manage privileged access without additional licenses.
Pre-requisites
- Access to Saviynt Admin Console.
- Administrator rights on the Windows Server.
- Appropriate licenses for more than 2 sessions if required.
Applicable Version(s)
All versions that support CPAM configuration for Windows RDP.
Solution
In Saviynt Cloud Privileged Access Management (CPAM), you can configure Windows Remote Desktop Protocol (RDP) endpoints to support multiple concurrent sessions. By default, up to 2 concurrent sessions are allowed without requiring additional licensing. This is the recommended setup for most users, as it aligns with the standard licensing options provided.
If you need to enable more than 2 sessions, additional licenses are required, and the configuration must be adjusted accordingly.
Configuring 2 Concurrent RDP Sessions on Windows Server for Saviynt CPAM
To enable 2 concurrent remote desktop sessions for a Windows RDP endpoint in Saviynt CPAM, follow these steps:
Access the Endpoint Configuration in Saviynt CPAM:
- Navigate to the CPAM Configuration in the Saviynt Admin Console.
- Locate the Windows RDP Endpoint you wish to configure.
- Update the endpoint configuration to set the maximum concurrent sessions.
Example configuration in the PAM_Config section:
"endpointPamConfig": {
"maxConcurrentSession": "2"
}
- Save the configuration and proceed to configure the Windows server as described below.
Steps to Enable Up to 2 Concurrent RDP Sessions in Windows
To ensure the Windows server is correctly configured for up to 2 concurrent RDP sessions, follow these steps:
Open Group Policy Editor:
- Press Win + R to open the Run dialog.
- Type gpedit.msc and press Enter to open the Group Policy Editor.
2 - Navigate to Remote Desktop Settings:
- Go to Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Connections.
3 - Modify the Remote Desktop Session Policies:
- Double-click on the policy named Set Restrict Remote Desktop Services user to a single Remote Desktop Services session.
- Set this policy to Disabled and click OK.
4 - Enable and Configure Connection Limit:
- Double-click on Limit number of connections.
- Set the policy state to Enabled.
- Set the RD Maximum Connection allowed to 2.
- Click OK to save the changes.
5 - Add Remote Desktop Services Role:
- Open Server Manager by pressing Win + R, typing ServerManager, and pressing Enter.
- On the “Manage” menu, click Add Roles and Features.
- Follow the wizard to add the Remote Desktop Services role. This step ensures that Remote Desktop capabilities are properly installed and managed
6 - Restart the Windows Server:
- After making these changes, restart the Windows server to apply the new settings.
- Test the RDP connections; you should now be able to have up to 2 concurrent sessions.
Allowing More Than 2 Concurrent RDP Sessions
If you require more than 2 concurrent RDP sessions for your Windows RDP endpoint in Saviynt CPAM, additional configurations and licenses are required:
Purchase the Necessary Licenses:
- Ensure you have purchased the required Remote Desktop Services Client Access Licenses (RDS CALs) to allow more than two concurrent connections.
Configure Remote Desktop Licensing:
Set the Number of Allowed Connections:
- Go back to gpedit.msc and configure the Limit number of connections policy as described earlier, but set the RD Maximum Connection allowed to the number of licensed sessions you require.
Restart the Windows Server:
- Restart the server to apply the changes.
- Verify that the server now allows the desired number of concurrent RDP sessions.
For more information on configuring RDP settings and licensing requirements, you can refer to the official documentation.
By following the above steps, you can configure your Windows server to handle multiple RDP sessions according to your requirements and licensing.
References