Currently, in the RDM config (and GPO) there is a setting for Application close on an idle timeout entry.
I would like to request the ability to add the option of Application close at a specific time. We would like to have any open sessions of RDM close overnight before a scheduled password rotation, so accounts won't be locked out.
Thanks,
Michael Huggins
Hello Michael,
I'd like to have a little more information on your environment and how you work. Are you using Devolutions Server or Cloud, or a different workspace? Are you using our PAM offering, since you mention password rotations? Is your goal to ensure that opened remote connections (like RDP, etc.) are closed, more so than the RDM application itself closing?
Regards,
Hubert Mireault
We are using Devolutions Server currently. (I will be looking at Devolutions Cloud in the future.) We have already started down the road of PAM, with a handful of users using it to rotate PW on personal IT admin accounts. We found that if someone was logged on with said IT admin account and the password rotated (on schedule overnight), they would be locked out of their account the next day. A solution mentioned was enabling an app timeout to log off all active connections so that, when the password changed, it would not lock the account, as it wasn't in use. However, in moving forward with PAM, we are getting pushback on an idle timeout, and some would prefer the option of the app close (and connections logged off / closed) at some time before the scheduled password change overnight, as opposed to an idle timeout.
Hi @Michael Huggins,
Thank you for reaching out. Just trying to get a clear picture here: when "logged on with said IT admin account", which session type are you referring to, and which identity fabric? Example: RDP with Domain PAM accounts? Do you have a checkout policy set on these accounts, or just scheduled rotation?
Cheers,
Luc Fauvel
Thank you for the replies here.
Our IT admin accounts are secondary domain accounts for IT. These accounts are in the process of being migrated to PAM. So, the answer to your question is they are using 'RDP with Domain PAM accounts'.
As far as checkout policy, there is a policy to change the password on check-in of a PAM account (after use) and, since we have a small group of users who don't use RDM daily in their work, we also set up a daily mandatory scheduled rotation at 4am for all PAM accounts.
Let me know if you have any more questions.
Thanks again,
Michael