Remote Desktop Access

Secure remote access to a Windows machine

You can enable secure remote access to a Windows machine on the Dynamic Secrets or on the Rotated Secrets that generates ephemeral credentials for the machine. Users can access the Windows machine from the Secure Remote Access Portal over the web.

Prerequisites

To enable secure remote access to a Windows machine, you need:

Set Up Remote Access to a Windows Machine from the Akeyless CLI

Let's set up remote access to a Windows Machine using the Akeyless CLI. If you’d prefer, see how to do this from the Akeyless Console instead.

Run the update-item command to define the following fields to the dynamic secret that specifies the Windows machine details and access credentials:

akeyless update-item --name <Dynamic Secret Name>\
--secure-access-enable true \
--secure-access-host <hostname or IP> \
--secure-access-rdp-domain <domain name>
akeyless update-rotated-secret --name <Rotated Secret Name> \
--secure-access-enable true \
--secure-access-host <hostname or IP> \
--secure-access-rdp-domain <domain name>
--rotate-after-disconnect <true|false>

where:

  • secure-access-host: The hostname (or IP address) for accessing the Windows machine as defined in the dynamic secret. For multiple values repeat this flag.
  • secure-access-rdp-domain: Optional, only required when the dynamic secret is configured to create credentials for a fixed user. This option defines the domain to which the Windows user for whom credentials are created belongs.

Optional:

  • secure-access-rdp-user : Override the RDP Domain username.
  • secure-access-allow-external-user: Allow providing external user for a domain users [true/false].
  • rotate-after-disconnect: Optional for Rotated Secret. You can enable an automatic secret rotation after a session ends.

Set Up Remote Access to a Windows Machine from the Akeyless Console

Let's set up remote access to a Windows Machine from the Akeyless Console. If you'd prefer, see how to do this from the Akeyless CLI instead.

  1. Log in to the Akeyless Console and go to Secrets & Keys.

  2. Select the Dynamic Secrets or the Rotated Secret that specifies the Windows machine details and access credentials.

  3. Expand the Secure Remote Access menu, select the pencil icon and enable the Secure Remote Access ,then fill the following fields:

  • Host(s) : The hostname (or IP address) for accessing the Windows machine as defined in the dynamic secret.
  • Domain : Optional, only required when the dynamic secret is configured to create credentials for a fixed user. This option defines the domain to which the Windows user for whom credentials are created belongs.
  • Override User: Optional, override the RDP Domain username.
  • Allow Providing External Username: Optional. Select to enable an external username to log in to the target host.
  1. To the right of the Enable Secure Remote Access field, select the tick mark icon to save your changes.

Access a Windows Machine Over the Web from the Secure Remote Access Portal

  1. Log in to the Secure Remote Access Portal and select Remote Desktop.

  2. Select the Windows machine hostname or IP address, then select Connect.
    A new tab opens, in which you can interact with the Windows machine according to your permissions.

  3. To lock the RDP screen, you can leverage the On-Screen Keyboard (OSK)- when using your own keyboard, press “Ctrl + Alt” and hit “Del” on the OSK inside your RDP session. Alternatively, you can simply close the relevant tab to disconnect the session.