I've been using RDM for a long time now and it is fantastic. I would like to integrate PVM with RDM for our team, but the video tutorial and the documentations for PVM are rather lacking.

We have a service account used for accessing certain services and only the senior sysadmin users have access to this account. Sometimes, the newbies will request access to this account, in order to perform certain tasks that only this account can do. We would then need to physically go to their machine and enter the credentials for them.

Essentially, we need a way to grant account access to users, without having them know what the password is or retrieve it via clipboard history. We need to control when the account can be accessed by them, so possibly like a one time access or expiry on time limit.

How can we achieve this with PVM?

Clock6 mths

I've set up PVM with a test account that does not have read access to the password, nor can the account copy the password.

If I were to add a local data source to RDM and then create a PVM entry, I can copy the password and view it in my clipboard history. How can I restrict this?

Clock6 mths

Hello Ricky,

First it's good to know that every feature that PVM have is integrated to RDM. Regarding the way you would like to use RDM you do not need to use a PVM/RDM integration.

You could create a folder with these restricted passwords for admins only. And when the newbies need to have access to that password you could grant him access to the session by changing the View permission only to an RDP session with the credentials embedded. In this case the newbies won't see the credentials and won't be able to copy it. The only right he will have is to start the session.

Once they have finished, you could just change the View Permission back to sysadmins only.

All this is base on the security per Roles.

Best regards,



David Grandolfo

signaturesignature

Clock6 mths

Thanks, I've got this set up now.

However, I've discovered a bug in the time-based security setting. I want to prevent the newbies from accessing the entries unless they request for accesss and I authorize them. So for all the entries, I've I set the time to 2am ~ 2am, thinking that the entries can only be allowed at 2am (no one will be working at that time). However, this does not actually block the entries. I have to set it to 2am ~ 2:01am for it to actually be blocked.

Clock6 mths

Hi Ricky,

I'm not sure where the issue is, because if you block the entries for 2am it will be for 2am only. If you would like to block it for 2am to 3am the value need to be 2am and 3am.

If you are trying to completely block the entries for everyone you could do a right click --> Edit --> Status --> Locked. So the entries will be lock for your user only.

Best regards,



David Grandolfo

signaturesignature

Clock6 mths