Configuring Windows Jump Server to Run Remote Apps Configuring Kron PAM to Run Remote Apps

kron pam runs the specified applications by using a command line you can call the application directly from the executable file or with the help of a batch file we generally use the batch file configuration for accessing websites on browsers creating a batch file on windows jump server to run the application from the command line, you need to configure the registry editor of the jump server editing registry editor on windows jump server creating a batch file on the windows jump server follow the steps below to create a batch file to call the application define a device group and add the windows jump server into the device group you need to define globalusername and globalpassword as device group properties for this device group access the target windows device and open notepad type one of the sample texts below to run an application running applications like a database client @echo off start “application” \[ insert application path ] example @echo off start "navicat" "c \program files\premiumsoft\navicat premium 12\navicat exe" accessing websites on google chrome @echo off start "chrome" \[ insert path of google chrome ] incognito kiosk app=\[ url of website ] ignore certificate errors example @echo off start "chrome" "c \program files (x86)\google\chrome\application\chrome exe" incognito kiosk app=http //www facebook com ignore certificate errors click file and save as then add “ bat” to the end of the desired file name change the save as type option to all files then save the file in the desired location find the bat file you saved and copy the file’s path by clicking the copy path option ex “c \program files (x86)\remoteapp\chromefacebook bat” you will need this when https //krontechdocs atlassian net/wiki/spaces/hg/pages/197329001/configuring+windows+jump+server+to+run+remote+apps# to kron pam editing the registry editor on the windows jump server apply the following changes to the registry editor on the windows jump server to call the application run the registry editor as administrator by searching “regedit” in the windows jump server after you open the registry editor , navigate to the following directory hkey local machine\software\microsoft\windowsnt\currentversion\terminal server\tsappallowlist change the fdisabledallowlist parameter value into “1” this change will allow kron pam to run specified applications create two new entries in this location to prevent running programs after users end their sessions when a session is in a disconnected state, running programs are kept active even though the user is no longer actively connected by default, these disconnected sessions are maintained for unlimited time on the server, so we must set a time limit for disconnected remote desktop services sessions add a new dword registry entry with the name maxdisconnectiontime and value 1000 add another registry entry to ensure that the time out value is not inherited from anywhere else and that only the server settings are used you need to add a new dword registry entry with the name finheritmaxdisconnectiontime and value 0 after these regedit changes, restart the windows jump server to activate them