Handling RDP Window Resizing and resolution

Hi,

Resizing RDP windows while keeping a good aspect ratio is important for admins who work throughout the day with remote sessions. Unfortunately, the ‘smart sizing’ option in mstsc often doesn’t meet usability expectations. Instead, some customers prefer to use a “refresh” function within some remote desktop manager software which will disconnect and reconnect a session on the fly and change the resolution to fit the actual size of the windows.

Unfortunately, disconnecting a Privilege Secure session inside a remote connection manager will lead to deprovisioning it. How do you guys handle this scenario to improve administrator adoption and overall usability?

Btw, it is possible to set multiple allowed RDP resolutions under global settings in Privilege Secure, but I couldn’t find how it modifies the user experience as the RDP token created will always have the configured standard resolution.

Regards
Benjamin

Hi Benjamin,

As you rightly say, when you close a DirectConnect session, it will deprovision it. There is a workaround if you are expecting to open and close via the DirectConnect string. If you start the Activity in NPS via the GUI, you can then open and close the session in DirectConnect multiple times and it will remain running until the Activity expires.

We could consider adding a parameter to the connection string to keep it open, but we will need to research if we can do this. If you could open an enhancement request in the NPS Ideas portal, we’ll look into this for you.

As far as the resolutions are concerned in global settings, these are in place for a future feature where you would be able to provide a pick list of available resolutions when launched from the UI. At the moment, I do not have a date for that feature.

Hope this helps!

All the best,
Martin

1 Like

Unfortunately, disconnecting a Privilege Secure session inside a remote connection manager will lead to deprovisioning it. How do you guys handle this scenario to improve administrator adoption and overall usability?

You could start the session in the WebUI first and then use the direct connect to attach to the existing session. Since the direct connect didn’t start the session it won’t close it at the end. This is a work-around; there is also the ability to turn the “DisconnectSession” off in the NPS server settings.

This is a per Proxy Service setting (so if you have more than one proxy, you will need to update the files on all servers).

It is also set per protocol (SSH/RDP).

In the ProxyService configuration files sbpam_ssh.json and sbpam_rdp.json found in the following directory: C:\ProgramData\Stealthbits\PAM\ProxyService

NOTE: the above files may not exist. To create the defaults, run the following commands from a command prompt running as Administrator:

"C:\Program Files\Stealthbits\PAM\ProxyService\sbpam-proxy.exe" cfg -c sbpam_ssh
"C:\Program Files\Stealthbits\PAM\ProxyService\sbpam-proxy.exe" cfg -c sbpam_rdp

Either add or update the DisconnectSession setting to false (it is true by default).

If you had to create the default, then your sbpam_ssh.json file should look like this:

{
  "listenaddress": "0.0.0.0:4422",
  "DisconnectSession": false
}

and your sbpam_rdp.json file should look like this:

{
  "limitcolordepth": false,
  "listenaddress": "0.0.0.0:4489",
  "startuptimeout": "30s",
  "twofactorseparator": ",",
  "DisconnectSession": false
}

If you are unsure if your JSON file is syntactically correct, you can run the following command in PowerShell to validate it:

Get-Content C:\ProgramData\Stealthbits\PAM\ProxyService\sbpam_rdp.json | ConvertFrom-Json

If you have valid JSON you will see:

limitcolordepth    : False
listenaddress      : 0.0.0.0:4489
startuptimeout     : 30s
twofactorseparator : ,
DisconnectSession  : False

However, if you did like I did when testing this out and forgot your comma after "twofactorseparator", you will see this!

ConvertFrom-Json : Invalid object passed in, ':' or '}' expected. (126): {
  "limitcolordepth": false,
  "listenaddress": "0.0.0.0:4489",
  "startuptimeout": "30s",
  "twofactorseparator": ","
"DisconnectSession": false
}
At line:1 char:32
+ Get-Content .\sbpam_rdp.json | ConvertFrom-Json
+                                ~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [ConvertFrom-Json], ArgumentException
    + FullyQualifiedErrorId : System.ArgumentException,Microsoft.PowerShell.Commands.ConvertFromJsonCommand

2 Likes
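
The configuration change described in the answer above, as an added example that is not part of the original post or the vendor's tooling: a PowerShell function that adds or updates DisconnectSession in both proxy files and refuses to write when a file does not parse. The directory, file names and key come from the post; the function name, backup naming and encoding choice are assumptions.

```powershell
# Added example, not from the thread. The directory, file names and the
# DisconnectSession key are those quoted in the post; the rest is illustrative.
$ConfigDir = 'C:\ProgramData\Stealthbits\PAM\ProxyService'
$Files     = 'sbpam_ssh.json', 'sbpam_rdp.json'

function Set-DisconnectSession {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $Path,
        [bool] $Value = $false
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        # The post notes the files may not exist until the defaults are created
        # with "sbpam-proxy.exe cfg -c <name>"; do not invent a config here.
        Write-Warning "$Path not found; create the defaults first."
        return
    }

    $raw = Get-Content -LiteralPath $Path -Raw
    try {
        $cfg = $raw | ConvertFrom-Json -ErrorAction Stop
    } catch {
        # Same failure the post shows for a missing comma: leave the file untouched.
        Write-Error "$Path is not valid JSON: $($_.Exception.Message)"
        return
    }

    # Keep a timestamped copy so the change can be reverted.
    $backup = '{0}.{1:yyyyMMddHHmmss}.bak' -f $Path, (Get-Date)
    Copy-Item -LiteralPath $Path -Destination $backup

    # Add the key if absent, overwrite it if present; other keys are preserved.
    $cfg | Add-Member -NotePropertyName 'DisconnectSession' -NotePropertyValue $Value -Force

    # ASCII avoids the byte-order mark that Windows PowerShell writes for UTF8.
    $cfg | ConvertTo-Json -Depth 10 | Set-Content -LiteralPath $Path -Encoding ASCII

    # Re-read from disk to confirm the file still parses and holds the new value.
    $check = Get-Content -LiteralPath $Path -Raw | ConvertFrom-Json
    [pscustomobject]@{ File = $Path; DisconnectSession = $check.DisconnectSession; Backup = $backup }
}

foreach ($name in $Files) {
    Set-DisconnectSession -Path (Join-Path $ConfigDir $name) -Value $false
}
```

Run it from an elevated PowerShell prompt on each proxy server, since the post describes this as a per Proxy Service setting.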

Hi,

Thank you very much. I will try this workaround and write a feature request in the NPS ideas portal.

Regards
Benjamin

3 Likes