Create Windows users provider

The Scheduler service must be installed and running to use this feature.

This guide provides steps to create a Windows users provider to manage Windows local accounts in the PAM module of Devolutions Server.

Steps

  1. Ensure that WinRM is properly configured and that all remote machines are added to the Trusted Hosts list as stated in WinRM and Trusted Hosts List.
  2. Create a local account on the remote host that will be managed by the PAM module as a privileged account. The local accounts must have the User cannot change password option enabled to avoid problems with the synchronization of the password in the Privileged Access module. If this account needs to have administrative rights, then add it to the local Administrators group.
    Local Account properties
  3. Go to Privileged Access - Providers in the Devolutions Server web interface to add a Windows users provider.
    Windows user provider
  4. Set the Name of the provider. In the Host section, set the Computer name and Domain information of the remote host. In the Credentials section, set the Username and Password values for the provider account. This account must have proper administrative rights on the host to manage local user accounts. In this sample, david@windjammer.loc is a domain account that is a member of the local Administrators group of the remote host.
    Windows user provider settings
  5. With the Add Scan Configuration option enabled, create the scan configuration to scan for local accounts. The built-in Administrator account cannot be managed by the Privileged Access module because the User cannot change password option mentioned above cannot be enabled for it.
  6. Once the scan is completed, a list of accounts is available. Click on the Eye button to see the discovered accounts.
  7. Select the account that will be managed and click on the Import Selected Accounts button.
  8. Select the folder where the account will be located in the Privileged Access - Accounts page.
  9. On success, this prompt box should be displayed in the top right corner.
  10. The account is now available in the folder.
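
The account preparation in step 2 can also be scripted on the remote host. The following PowerShell is an added example, not part of the original guide or of Devolutions Server: it creates the local account with the User cannot change password option set (or sets the option on an existing account), optionally adds it to the local Administrators group, then lists which enabled local accounts meet that prerequisite. The account name pam-managed01 and the description text are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: run in an elevated session on the remote host.
# 'pam-managed01' is a hypothetical account name, not one from the guide.
param(
    [string]$AccountName = 'pam-managed01',
    [switch]$Administrator   # pass this switch only if the account needs admin rights
)

$existing = Get-LocalUser -Name $AccountName -ErrorAction SilentlyContinue
if (-not $existing) {
    # Prompt for the initial password so it never appears in the script or history.
    $password = Read-Host -Prompt "Initial password for $AccountName" -AsSecureString
    New-LocalUser -Name $AccountName -Password $password `
        -UserMayNotChangePassword -Description 'Managed by PAM' | Out-Null
}
elseif ($existing.UserMayChangePassword) {
    # Existing account: enable "User cannot change password".
    Set-LocalUser -Name $AccountName -UserMayChangePassword $false
}

if ($Administrator) {
    # Member names are reported as COMPUTER\user, so match on the trailing name.
    $isMember = Get-LocalGroupMember -Group 'Administrators' |
        Where-Object { $_.Name -like "*\$AccountName" }
    if (-not $isMember) {
        Add-LocalGroupMember -Group 'Administrators' -Member $AccountName
    }
}

# Pre-import check: which enabled local accounts have the option set.
# The built-in Administrator (RID 500) is flagged because the guide states
# it cannot be managed by the Privileged Access module.
Get-LocalUser | Where-Object Enabled | ForEach-Object {
    $builtIn = $_.SID.Value -like 'S-1-5-21-*-500'
    [pscustomobject]@{
        Name                 = $_.Name
        CannotChangePassword = -not $_.UserMayChangePassword
        BuiltInAdministrator = $builtIn
        ReadyForPam          = (-not $_.UserMayChangePassword) -and (-not $builtIn)
    }
} | Format-Table -AutoSize
```

Accounts shown with ReadyForPam set to False still appear in the scan results of step 6, so the table is a quick way to decide which ones to select in step 7.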