Configuring Windows Jump Server to Run Remote Apps Configuring Kron PAM to Run Remote Apps
Kron PAM runs the specified applications by using a command line. You can call the application directly from the executable file or with the help of a batch file.
We generally use the batch file configuration for accessing websites on browsers.
Creating a Batch File on Windows Jump Server
To run the application from the command line, you need to configure the Registry Editor of the jump server.
Editing Registry Editor on Windows Jump Server
Follow the steps below to create a batch file to call the application.
- Define a device group and add the Windows jump server into the device group. You need to define globalUsername and globalPassword as device group properties for this device group.
- Access the target Windows device and open Notepad.
- Type one of the sample texts below to run an application.
Running Applications Like A Database Client |
|---|
@echo off start “Application” [Insert application path] Example: @echo off start "Navicat" "C:\Program Files\PremiumSoft\Navicat Premium 12\navicat.exe" |
Accessing Websites On Google Chrome |
@echo off start "Chrome" [Insert Path Of Google Chrome] -incognito -kiosk --app=[URL Of Website] --ignore-certificate-errors Example: @echo off start "Chrome" "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -incognito -kiosk --app=http://www.facebook.com --ignore-certificate-errors. |
- Click File and Save as. Then add “.bat” to the end of the desired file name. Change the Save as type option to All Files. Then save the file in the desired location.
- Find the .bat file you saved and copy the file’s path by clicking the Copy Path option. Ex: “C:\Program Files (x86)\RemoteApp\ChromeFacebook.bat” You will need this when Adding a Remote Desktop App to Kron PAM.
Apply the following changes to the registry editor on the Windows Jump server to call the application.
- Run the Registry Editor as Administrator by searching “regedit” in the Windows Jump server.
- After you open the Registry Editor, navigate to the following directory: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Terminal Server\TSAppAllowList
- Change the fDisabledAllowList parameter value into “1”. This change will allow Kron PAM to run specified applications.
- Create two new entries in this location to prevent running programs after users end their sessions.
When a session is in a disconnected state, running programs are kept active even though the user is no longer actively connected. By default, these disconnected sessions are maintained for unlimited time on the server, so we must set a time limit for disconnected Remote Desktop Services sessions. Add a new DWORD registry entry with the name MaxDisconnectionTime and value 1000.
- Add another registry entry to ensure that the time-out value is not inherited from anywhere else and that only the server settings are used. You need to add a new DWORD registry entry with the name fInheritMaxDisconnectionTime and value 0.
- After these regedit changes, restart the Windows jump server to activate them.