How to Set Up Auto-Login for Windows RDP

You set up Windows RDP access to a target device so that the end user logs in automatically without entering a password. You configure the following procedures to provide the auto-login access:

Create a Device

Add the device to which you want to provide auto-login access. For more details about Device attributes that are not covered in this procedure, see Device Group Setup.
Follow these steps:
  1. Select Devices, Manage Devices.
  2. To specify a new device, select Add.
  3. Enter a Name. This name is displayed on the Access page. You can enter double-byte characters.
  4. Enter the device IP address or FQDN in the Address field.
    • For FQDN, DNS must be set up properly on the Configuration, Network, Network Settings page.
  5. For Device Type, select Access and Password Management.
  6. Select Scan to detect services that are configured on the device. The detected services appear on the Access Methods and Services tabs. RDP should appear on the Access Methods tab after selecting Scan.
  7. Select OK to save the Device.

Create an Application

Add the Application and Target Connector for connecting users to your device. For Windows RDP, you can use one of the following connectors. Select an Application Type according to your Windows infrastructure and the type of login account you plan to use.
For ease of demonstration, we use the Windows Remote connector.
Follow these steps in the UI:
  1. Select Credentials, Manage Targets, Applications.
  2. Select Add.
  3. Use the Host Name magnifying glass to find the target device. Select the device and select OK.
  4. The Host Name and Device Name of the target server are populated.
  5. Enter a unique Application Name. This name does not have to be an existing application on the target device.
  6. In the Application Type field, select Windows Remote.
  7. Select the Windows Remote tab.
  8. For the Account Type, select Local Account. This type is only able to manage local accounts on target servers.
  9. Select OK to save the Application.

Create an Account

Add the login account for Privileged Access Manager to use to log in to the target device. For more information about setting up accounts for different application types, see the following pages:
For ease of demonstration, we use the Windows Remote connector.
Follow these steps:
  1. Select Credentials, Manage Targets, Accounts. The Target Account page appears with a list of existing accounts.
  2. Select Add. The Add Target Account page appears.
  3. Select the Application Name magnifying glass to find the target application. Select the application and select OK.
    The Host Name, Device Name, and Application Name fields are populated.
  4. Enter the Account Name. The account name must be unique for a given target application and must be the account name that the target system uses.
  5. Select the Password View Policy for the account.
  6. Enter an initial account Password or select the Generate Credential key icon to generate a default password.
  7. On the Password tab, select Discovery Allowed to discover accounts on the Windows remote system.
  8. Select Update both the Credential Manager Server and the target system. Password updates are performed both in Credential Manager and on the target system to maintain consistency.
  9. On the Windows Remote tab, select the Administrator Account Type.
  10. Select OK to save the Account.

Create a User

Add a User that you want to use auto-login to access the target device. For information about authentication methods, roles, and other User attributes, see Identify Users that Can Log in to the Server. For ease of demonstration, we create a "local" Privileged Access Manager user.
Follow these steps:
  1. Select Users, Manage Users.
  2. Select Add to create a user.
  3. Complete the required fields in the Basic Info section (indicated by a red asterisk).
    • User Name accepts alphanumeric characters, a dash, an underscore, and spaces. For AWS users, a user name can be from 2 through 32 characters long because of restrictions on federated users within AWS.
  4. Select OK to save the User.

Create a Policy

Create a Policy linking the user, the device, and the account. For more detailed information about policies, see Set Up a Policy.
Follow these steps:
  1. Select Policies, Manage Policies.
  2. Create a policy by clicking Add.
  3. Use the fields in the Association tab to locate the user and device that you want to associate in the policy.
    Select the search icon in each field to display the list of choices. Select an entry and OK to add it to the Association screen.
  4. On the Access tab, select "RDP" and move it to the Selected Access list. Then select the target account that you created for auto-login. Use the magnifying glass button under the Target Account heading to find the account. Use the shuttle control to move the account from the Available column to the Selected column.
  5. Select OK.
  6. If session recording capability is configured, you can specify the types of recording to make using the options on the Recording tab.
  7. Select OK to save the Policy.
The User should now be able to log in to the Access page, and RDP into the Device without credentials.