How to Set Up Auto-Login for Windows RDP

You set up Windows RDP access to a target device so that the end user logs in automatically without entering a password. You configure the following procedures to provide the auto-login access:

Create a Device 
Add the device to which you want to provide auto-login access. For more details about Device attributes that are not covered in this procedure, see Device Group Setup.
Follow these steps:
 
  1. Select Devices, Manage Devices.
  2. To specify a new device, select Add.
  3. Enter a Name. This name is displayed on the Access page. You can enter double-byte characters.
  4. Enter the device IP address or FQDN in the Address field.
    • For FQDN, DNS must be set up properly on the Configuration, Network, Network Settings page.
  5. For Device Type, select Access and Password Management.
  6. Select Scan to detect services that are configured on the device. The detected services appear on the Access Methods and Services tabs. RDP should appear on the Access Methods tab after selecting Scan.
  7. Select OK to save the Device.
Create an Application
Add the Application and Target Connector for connecting users to your device. For Windows RDP, you can use one of the following connectors. Select an Application Type according to your Windows infrastructure and the type of login account you plan to use. 
For ease of demonstration, we use the Windows Remote connector. 
Follow these steps in the UI:
 
  1. Select Credentials, Manage Targets, Applications.
  2. Select Add.
  3. Use the Host Name magnifying glass to find the target device. Select the device and select OK.
  4. The Host Name and Device Name of the target server are populated.
  5. Enter a unique Application Name. This name does not have to be an existing application on the target device.
  6. In the Application Type field, select Windows Remote.
  7. Select the Windows Remote tab.
  8. For the Account Type, select Local Account. This type is only able to manage local accounts on target servers.
  9. Select OK to save the Application.
Create an Account
Add the login account for Privileged Access Manager to use to log in to the target device. For more information about setting up accounts for different application types, see the following pages:
For ease of demonstration, we use the Windows Remote connector. 
Follow these steps:
 
  1. Select Credentials, Manage Targets, Accounts. The Target Account page appears with a list of existing accounts.
  2. Select Add. The Add Target Account page appears.
  3. Select the Application Name magnifying glass to find the target application. Select the application and select OK.
    The Host Name, Device Name, and Application Name fields are populated.
  4. Enter the Account Name. The account name must be unique for a given target application and must be the account name that the target system uses.
  5. Select the Password View Policy for the account.
  6. Enter an initial account Password or select the Generate Credential key icon to generate a default password.
  7. On the Password tab, select Discovery Allowed to discover accounts on the Windows remote system.
  8. Select the Update both the Credential Manager Server and the target system option. Password updates are performed both in Credential Manager and on the target system to maintain consistency.
  9. On the Windows Remote tab, select the Administrator Account Type.
  10. Select OK to save the Account.
Create a User
Add a User that you want to use auto-login to access the target device. For information about authentication methods, roles, and other User attributes, see Identify Users that Can Log in to the Server. For ease of demonstration, we create a "local" Privileged Access Manager user.
Follow these steps:
 
  1. Select Users, Manage Users.
  2. Select Add to create a user.
  3. Complete the required fields in the Basic Info section (indicated by a red asterisk).
    • User Name accepts alphanumeric characters, a dash, an underscore, and spaces. For AWS users, a user name can be from 2 through 32 characters long because of restrictions on federated users within AWS.
  4. Select OK to save the User.
Create a Policy
Create a Policy linking the user, the device, and the account. For more detailed information about policies, see Set Up a Policy.
Follow these steps:
 
  1. Select Policies, Manage Policies.
  2. Create a policy by clicking Add.
  3. Use the fields in the Association tab to locate the user and device that you want to associate in the policy.
    Select the search icon in each field to display the list of choices. Select an entry and OK to add it to the Association screen.
  4. On the Access tab, select "RDP" and move it to the Selected Access list. Then select the target account that you created for auto-login. Use the magnifying glass button under the Target Account heading to find the account. Use the shuttle control to move the account from the Available column to the Selected column.
  5. Select OK.
  6. If session recording capability is configured, you can specify the types of recording to make using the options on the Recording tab.
  7. Select OK to save the Policy.
The User should now be able to log in to the Access page, and RDP into the Device without credentials.