Connection Components (2024)

By default, PSM supports the following connection components:

  • PSM-SSH

  • PSM-RDP

  • PSM-Telnet

  • PSM-TOAD

  • PSM-SQLPlus

  • PSM-VSPHERE

  • PSM-AS400

  • PSM-OS390

  • PSM-SQLServerMgmtStudio

  • PSM-MS-Azure

  • PSM-PVWA

  • PSM-AWSConsoleWithSTS

  • PSM-PTA

  • PSM-WinSCP

By default, PSM for SSH supports the following connection components:

These parameters define settings for privileged SSO and transparent connections to remote devices, either directly or through PSM.

Privileged SSO and transparent connections to remote devices

EnableConnectAddressHistory
Description Determines whether or not a list of addresses accessed with the selected account will be displayed in the Connect with Account window.
Acceptable Values Yes/No
Default Value Yes
MaxConnectHistory
Description Defines the maximum number of remote machine addresses that can be displayed in the Connect with Account window. The address history is saved per account for each PVWA user.
Acceptable Values Number
Default Value 7
MaxConnectAccountsNumber
Description Defines the maximum number of accounts whose machine addresses history will be displayed in the Connect with Account window.
Acceptable Values Number
Default Value 20
MaxScriptFileSizeInKB
Description Defines the maximum size in KB of a connection component script file.
Acceptable Values Number
Default Value 1024

Connection Component

These parameters define settings for privileged SSO/transparent connections to remote devices for a specific connection component, such as PSM-RDP or PSM-SSH.

Privileged SSO/transparent connections to remote devices

Id
Description A unique ID that identifies the connection parameters.
Acceptable Values String
Default Value
FullScreen
Description

Whether or not the remote connection window will be opened in full screen mode. The full screen mode opens a new window with an additional window for logon. You can toggle between screen modes with Alt+Ctrl+Break.

The RemoteApp user experience enables standard window resizing capabilities so this parameter does not apply to RemoteApp

Acceptable Values Yes/No
Default Value No
Height
Description

The height in pixels of the desktop resolution on the remote machine. The height of the window that is opened on the remote desktop is calculated from this parameter.

The RemoteApp user experience enables standard window resizing capabilities so this parameter does not apply to RemoteApp

Acceptable Values Number
Default Value 768
Width
Description

The width in pixels of the desktop resolution on the remote machine. The width of the window that is opened on the remote desktop is calculated from this parameter.

The RemoteApp user experience enables standard window resizing capabilities so this parameter does not apply to RemoteApp

Acceptable Values Number
Default Value 1024
EnableWindowScrollbar
Description Whether or not scrollbars will be added to the connection logon window.
Acceptable Values Yes/No
Default Value No
Type
Description The interface that is used for the remote connection.
Acceptable Values Full interface name
Default Value
DisplayName
Description Defines the display name of the connection component.
Acceptable Values String
Default Value

Component Parameters

These parameters define a connection to the remote device.

redirectclipboard
Description Whether or not users will be able to redirect the clipboard from their local machine to the remote server. This parameter differs according to the connection method:
For RDP File connections – redirectclipboard:i
Acceptable Values
0 – Users will not be able to redirect the clipboard.
1 – Users will be able to redirect the clipboard.
Default Value 1
Redirectprinters
Description Whether or not users will be able to redirect printers from their local machine to the remote server.
0 – Users will not be able to redirect printers.
1 – Users will be able to redirect printers. This is the default value.
Note: To redirect printers, the AllowMappingLocalDrives parameter must be enabled. This parameter differs according to the connection method:
For RDP File connections – redirectprinters:i
Acceptable Values
0 – Users will not be able to redirect printers.
1 – Users will be able to redirect printers.
Default Value 1
Name
Description The name of a parameter that defines the connection to the remote device.
Acceptable Values String
Default Value
Value
Description The value of the parameter that defines the connection to the remote device.
Acceptable Values String
Default Value

User Parameters

These parameters define parameters that prompt users for more information in the transparent connection window so that the transparent connection can be opened.

The following parameters can be set for each user parameter:

Name
Description The name of the parameter.
Acceptable Values String
Default Value
DisplayName
Description The exact way that the parameter name will be displayed in the connection window.
Acceptable Values String
Default Value
Value
Description The default value of this parameter.
Acceptable Values String
Default Value
Visible
Description Whether or not the user will be prompted for this parameter before the connection is established.
Acceptable Values Yes/No
Default Value
Required
Description Whether or not users are required to provide extra information in the transparent connection window so that the remote connection can be activated.
Acceptable Values Yes/No
Default Value
Type
Description The type that will be used to modify the appearance or behavior of a parameter UI field.
Acceptable Values String
Default Value
EnforceInDualControlRequest
Description Whether or not the user will be required to provide this information in order to create a dual control request.
Acceptable Values Yes/No
Default Value No
AllowMappingLocalDrives
Description

Whether or not users will be allowed to redirect their local hard drives to the remote server.

This is not supported for remote devices that run on Windows 2000.

Acceptable Values Yes/No
Default Value No
AllowConnectToConsole
Description Whether or not users will be allowed to connect through the PVWA to the administrative console of the remote machine.
Acceptable Values Yes/No
Default Value No
RedirectSmartCards
Description Whether or not users will be allowed to redirect their Smart Card so that the certificate stored on the end user's card can be accessed on the target. To enable this feature, the Smart Card driver must be installed on the PSM machine. In load-balanced implementations, the driver must be installed on all load-balanced PSMs.
Acceptable Values Yes/No
Default Value Yes
AllowSelectHTML5
Description

Whether users can select which connection method, HTML5-based or RDP-file, to use when connecting to the remote server.
This is useful for allowing users to connect externally using HTML5 and internally using RDP-file.

  • This option is only available in the Version 10 interface.
  • To add this parameter, we recommend copying the AllowMappingLocalDrives parameter and changing the Name and DisplayName fields. The Type (CyberArk.TransparentConnection.BooleanUserParameter, CyberArk.PasswordVault.TransparentConnection) is the same for both parameters.
Acceptable Values Yes/No
Default Value

Target Settings

These parameters define specific target machine settings.

Protocol
Description Defines the target connection protocol.
Acceptable Values String
Default Value
ClientApp
Description Defines the application to open in the target machine\connection.
Acceptable Values String
Default Value
ClientDispatcher
Description Defines the internal client that will open the target connection.
Acceptable Values String
Default Value
ClientInvokeType
Description The type of the connection client that will be used to connect to the device.
Valid types are Internal (clients developed by CyberArk) and CommandLine.
Acceptable Values String
Default Value Internal
ConnectionComponentInitTimeout
Description The time allowed for the connection component to initialize, in milliseconds. Specify 0 (zero) to indicate no timeout.
Acceptable Values Number
Default Value 20000

Client Specific

These parameters define a dynamic list of parameters for a specific client.

General parameters

Name
Description The name of the parameter.
Acceptable Values String
Default Value
Value
Description The default value of this parameter.
Acceptable Values String
Default Value

PSM-RDP parameters

To configure PSM-RDP connection components, specify the following client specific parameters:

Port
Description The port used to connect to the remote device.
Acceptable Values Number
Default Value 3389
AuthenticationLevel
Description The authentication level that will be used for this connection.
Acceptable Values
0 – The PSM server is not required to authenticate the target machine before connecting to it.
1 – The PSM server will authenticate the target machine before connecting to it.
2 – The PSM server will authenticate the target machine before connecting to it. If the authentication fails, the user will be able to cancel the connection or to initiate a connection without authentication.
Default Value
StartProgram
Description The full path of the program that will be started when the PSM-RDP connection is initiated.
Acceptable Values Full path
Default Value
WorkDir
Description The full path of the working directory for the program specified in the StartProgram parameter. If this property is not specified, the default working directory will be used.
Acceptable Values Full path
Default Value C:\Users\<current user>
TerminateOnWinAuditInitFailure
Description Whether or not the PSM RDP session will stop when the Windows Events Audit or Universal keystrokes audit cannot be initialized.
Acceptable Values Yes/No
Default Value No
TerminateOnWinAuditTimeout
Description Whether or not the PSM RDP session will stop when the Windows Events Audit or Universal keystrokes audit is not working.
Acceptable Values Yes/No
Default Value Yes
WindowsEventsSampleRate
Description How often PSM will check for new windows that were accessed on the target machine.
Default value:
Acceptable Values Number of seconds
Default Value 0.05
WindowsEventsKeepAlive
Description The number of minutes for which a session will be kept alive when the Windows Events Audit or Universal keystrokes audit is not active.
When the specified amount of time has passed, PSM will decide whether or not to terminate the session according to the value specified in the TerminateOnWinAuditTimeout parameter.
Acceptable Values Number of minutes
Default Value 1
EnableTargetLogging
Description Whether or not trace logging to the Event Viewer on the target machine is enabled.
Acceptable Values Yes/No
Default Value No
WindowsKeystrokesSingleLanguage
Description Whether or not universal keystrokes recording for Windows connections will be supported for a single or additional languages during privileged sessions.
Acceptable Values Yes/No
Default Value Yes
RedirectDrivesRetries
Description The number of times that PSM will try to map local drives on the client computer to the remote machine.
Acceptable Values Number
Default Value 6
RedirectDrivesRetryInterval
Description The number of milliseconds between PSM efforts to map local drives on the client computer to the remote machine, as defined in RedirectDrivesRetries.
Acceptable Values Number of milliseconds
Default Value 5000
WinAuditInitConnectionTimeout
Description The number of milliseconds for the initialization connection for the Windows agents. This parameter is used when the TerminateOnWinAuditInitFailure is set to Yes.
Acceptable Values Number of milliseconds
Default Value 120,000
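As an added example (not CyberArk code), the following Python resolves the security-relevant parameters documented above to their effective values, falling back to the documented defaults, and reports every one that differs from a stricter baseline. The baseline, the flat name-to-value input and the sample settings are assumptions made for illustration; the product's own configuration storage is not reproduced here.

```python
# Added example: resolve effective PSM-RDP settings and compare them with a
# stricter baseline. Names, acceptable values and defaults are the documented
# ones; BASELINE and SAMPLE are assumptions made for this illustration.

# Documented defaults. AuthenticationLevel has no documented default.
DEFAULTS = {
    "redirectclipboard": "1",
    "Redirectprinters": "1",
    "AllowMappingLocalDrives": "No",
    "AllowConnectToConsole": "No",
    "TerminateOnWinAuditInitFailure": "No",
    "TerminateOnWinAuditTimeout": "Yes",
}

# Documented acceptable values, lower-cased for comparison.
ACCEPTABLE = {
    "redirectclipboard": {"0", "1"},
    "Redirectprinters": {"0", "1"},
    "AllowMappingLocalDrives": {"yes", "no"},
    "AllowConnectToConsole": {"yes", "no"},
    "AuthenticationLevel": {"0", "1", "2"},
    "TerminateOnWinAuditInitFailure": {"yes", "no"},
    "TerminateOnWinAuditTimeout": {"yes", "no"},
}

# Assumed baseline (not a vendor recommendation): required value, rationale.
BASELINE = {
    "redirectclipboard": ("0", "clipboard moves data between client and target"),
    "Redirectprinters": ("0", "local printers are exposed to the target"),
    "AllowMappingLocalDrives": ("no", "local drives are mapped to the target"),
    "AllowConnectToConsole": ("no", "administrative console is reachable"),
    "AuthenticationLevel": ("1", "0 and 2 permit an unauthenticated target"),
    "TerminateOnWinAuditInitFailure": ("yes", "session runs if audit cannot start"),
    "TerminateOnWinAuditTimeout": ("yes", "session runs after audit stops working"),
}

# Constructed input: values set explicitly on one connection component.
SAMPLE = {
    "AuthenticationLevel": "2",
    "redirectclipboard": "0",
    "TerminateOnWinAuditInitFailure": "yes",
    "AllowMappingLocalDrives": "Maybe",
}


def audit(settings):
    """Return (name, value, source, reason) for every deviation found."""
    findings = []
    for name, (wanted, why) in BASELINE.items():
        explicit = name in settings
        raw = settings.get(name, DEFAULTS.get(name))
        if raw is None:
            # No explicit value and no documented default to fall back on.
            findings.append((name, None, "unset", "set this value explicitly"))
            continue
        value = str(raw).strip().lower()
        source = "explicit" if explicit else "default"
        if value not in ACCEPTABLE[name]:
            findings.append((name, raw, source, "not an acceptable value"))
        elif value != wanted:
            findings.append((name, raw, source, why))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Calling `audit({})` lists the parameters whose documented defaults alone fall short of the assumed baseline.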

PSM-SSH parameters

To configure PSM-SSH connection components, specify the following client specific parameters:

Port
Description The port used to connect to the remote device for SSH connections.
Acceptable Values Number
Default Value 22
AutoLogonSequenceWithLogonAccount
Description The authentication level that will be used for this connection.
Acceptable Values A multiline sequence that defines an automatic sign-on process which uses a logon account to log onto a remote machine and then another account to elevate the user so that it can run sessions. The sequence uses regular expression prompts and responses with dynamic values based on the relevant account that can include one or more dynamic references. PSM reads these references in the following order: account properties, user parameters, then client specific parameters.
Default Value
SendRateValue
Description A send rate value in milliseconds that overrides the default send rate delay value, which determines the speed at which the client will send the login sequence keystrokes.
Acceptable Values Number of milliseconds
Default Value
PromptTimeout
Description A timeout value in milliseconds that overrides the default prompt timeout value, which determines how long the client will wait for the next prompt to be received before displaying an error message and closing the session.
Acceptable Values Number of milliseconds
Default Value 30000
ShellPromptForAudit
Description Defines a regular expression that represents the shell prompt. If no value is set the default value is used.
Acceptable Values String
Default Value (.*)[>#\\$]$
TerminateOnShellPromptFailure
Description Whether or not the session will stop if the shell prompt was not recognized after the amount of time defined in the parameter PromptTimeout.
Acceptable Values Yes/No
Default Value No
EnableXForwarding
Description Whether or not users will be able to connect to remote SSH devices through PSM using X-Forwarding.
Acceptable Values Yes/No
Default Value No
XServerCommandLine
Description Command line argument to use for X-forwarding.
Acceptable Values String
Default Value "C:\Program Files (x86)\VcXsrv\vcxsrv.exe" :{XDisplayNumber} -multiwindow -clipboard -nolisten inet6
BackgroundColor
Description Configure the background color of an SSH session.
Acceptable Values black, red, green, yellow, blue, magenta, cyan, gray
Default Value No color
ForegroundColor
Description Configure the foreground color of an SSH session.
Acceptable Values black, red, green, yellow, blue, magenta, cyan, gray, dark_gray, bright_red, bright_green, bright_yellow, bright_blue, bright_magenta, bright_cyan, white
Default Value No color
TicketingRetriesNumber
Description If the user enters an invalid control character, such as Backspace or Esc, or an invalid ticket ID, a retry mechanism enables the user to correctly re-enter the ticket ID. This parameter determines the number of retries. If the parameter is set to 0, no retries are allowed.
Acceptable Values Number
Default Value 3
EnableTERMParsingForAudit
Description Defines whether the audit supports auto complete for a more interactive experience (Yes) or supports copy/paste of multiple lines for running bulk commands (No).
Acceptable Values Yes/No
Default Value Yes

PSM-Telnet parameters

To configure PSM-Telnet connection components, specify the following client specific parameters:

ClientProtocol
Description The protocol used to create the connection to the remote device.
Acceptable Values String
Default Value Telnet
AutoLogonSequence
Description A multi-line sequence that defines the automatic sign-on process using regular expression prompts and responses with placeholders for dynamic values that can include one or more dynamic references. PSM reads these references in the following order: account properties, user parameters, then client specific parameters.
Acceptable Values String
Default Value
AutoLogonSequenceWithLogonAccount
Description The authentication level that will be used for this connection.
Acceptable Values A multiline sequence that defines an automatic sign-on process which uses a logon account to log onto a remote machine and then another account to elevate the user so that it can run sessions. The sequence uses regular expression prompts and responses with dynamic values based on the relevant accounts that can include one or more dynamic references. PSM reads these references in the following order: account properties, user parameters, then client specific parameters.
Default Value
SendRateValue
Description A send rate value in milliseconds that overrides the default send rate delay value, which determines the speed at which the client will send the login sequence keystrokes.
Acceptable Values Number of milliseconds
Default Value
PromptTimeout
Description A timeout value in milliseconds that overrides the default prompt timeout value, which determines how long the client will wait for the next prompt to be received before displaying an error message and closing the session.
Acceptable Values Number of milliseconds
Default Value 30000
ShellPromptForAudit
Description Defines a regular expression that represents the shell prompt. If no value is set the default value is used.
Acceptable Values String
Default Value (.*)[>#\\$]$
TerminateOnShellPromptFailure
Description Whether or not the session will stop if the shell prompt was not recognized after the amount of time defined in the parameter PromptTimeout.
Acceptable Values Yes/No
Default Value No
BackgroundColor
Description Configure the background color of an SSH session.
Acceptable Values black, red, green, yellow, blue, magenta, cyan, gray
Default Value No color
ForegroundColor
Description Configure the foreground color of an SSH session.
Acceptable Values black, red, green, yellow, blue, magenta, cyan, gray, dark_gray, bright_red, bright_green, bright_yellow, bright_blue, bright_magenta, bright_cyan, white
Default Value No color
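The ShellPromptForAudit default listed for both PSM-SSH and PSM-Telnet can be tested against the prompts your targets actually send before relying on it. The following is an added example, not CyberArk code: it runs the documented default over constructed sample prompts and shows how PromptTimeout and TerminateOnShellPromptFailure decide what happens on a miss. It assumes the pattern is applied to the prompt text exactly as the target sent it and that Python's `re` behaves like the product's regex engine for this pattern; CANDIDATE_PATTERN is a hypothetical alternative.

```python
import re

# Documented default for ShellPromptForAudit (PSM-SSH and PSM-Telnet).
DEFAULT_PATTERN = r"(.*)[>#\\$]$"

# Hypothetical alternative: also accepts '%' and trailing whitespace.
CANDIDATE_PATTERN = r"(.*)[>#\\$%]\s*$"

# Constructed sample prompts: the last line a target might send.
SAMPLE_PROMPTS = [
    "root@db01:~#",
    "Router>",
    "[oracle@db01 ~]$",
    "[oracle@db01 ~]$ ",                      # trailing space after '$'
    "admin@fw01% ",                           # csh-style prompt
    "\x1b[32mops@web01\x1b[0m:~$ \x1b[0m",    # coloured prompt, ANSI escapes
]


def recognized(prompt, pattern=DEFAULT_PATTERN):
    """True when the pattern matches the prompt line."""
    return re.search(pattern, prompt) is not None


def split_by_match(prompts, pattern=DEFAULT_PATTERN):
    """Return (recognized prompts, unrecognized prompts)."""
    hits = [p for p in prompts if recognized(p, pattern)]
    misses = [p for p in prompts if not recognized(p, pattern)]
    return hits, misses


def outcome(prompt, pattern=DEFAULT_PATTERN, terminate_on_failure="No"):
    """Describe the result per the TerminateOnShellPromptFailure row."""
    if recognized(prompt, pattern):
        return "prompt recognized"
    if terminate_on_failure.strip().lower() == "yes":
        return "session stops after PromptTimeout"
    return "session continues without a recognized prompt"


if __name__ == "__main__":
    for label, pattern in (("default", DEFAULT_PATTERN),
                           ("candidate", CANDIDATE_PATTERN)):
        hits, misses = split_by_match(SAMPLE_PROMPTS, pattern)
        print(label, "recognized:", len(hits), "missed:", misses)
```

Any pattern that is loosened to recognize more prompts should be rerun against the same samples, since a value that still misses a target's prompt leaves the outcome to TerminateOnShellPromptFailure.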

PSM-WinSCP parameters

To configure PSM-WinSCP connection components, specify the following client specific parameters:

DispatcherParameters
Description The parameter that defines the target server and the connection. This parameter uses the following syntax:
{Address}
{Username}
{Password}
[{PSMClientApp}]
[{Port}]
[{FileTransferProtocol}]
[{WindowTimeout}]
[{RestrictiveMode}]
[{AcceptHostKeyInCache}]
These parameters must be specified in the above order, each on a separate line. This syntax is explained below:
Address – Hostname/IP of the target server.
Username – Username of the target account.
Password – Password of the target account.
WinSCP Executable Path – Location of the WinSCP exe file. If this is not specified, the default path is used – C:\Program Files (x86)\CyberArk\PSM\Components\WinSCP.exe.
Port – Port used to connect to the remote device. If this is not specified, the default port is used – 22.
FileProtocol – The protocol used to transfer files. Optional values are SCP and SFTP. If this is not specified, the default value is used – SFTP.
WindowTimeout – Number of seconds to wait for each window. If this is not specified, the default value is used – 30 seconds.
RestrictiveMode – Whether or not to kill the process if an unexpected window appears during initialization and login. Specify Yes to end the process automatically or No to allow the user to handle the unexpected windows within the timeout limits. If this is not specified, the default value is used – No.
AcceptAddingKeyToCache – Whether or not to dismiss the host key warning by adding the host key into the machine cache. Specify Yes to continue connecting automatically (the key is not added to the cache) or No to ask the user to add the host key manually. If this is not specified, the default value is used – No.
Note: Do not specify a new line after the final parameter.
Acceptable Values Number
Default Value 3389
RedirectDrivesRetries
Description The number of times that PSM will try to map local drives on the client computer to the remote machine.
Acceptable Values Number
Default Value 6
RedirectDrivesRetryInterval
Description The number of milliseconds between PSM efforts to map local drives on the client computer to the remote machine, as defined in RedirectDrivesRetries.
Acceptable Values Number of milliseconds
Default Value 5000

PSM-OS390 parameters

To configure PSM-OS390 connection components, specify the following client specific parameters:

SourceFileTemplate
Description A macro file that contains a list of commands to the client. These commands can be specified with placeholders (in parentheses {}), so that users can specify custom metadata.
Note: The default source file template is a sample. Change this to specify the source file in your environment.
Acceptable Values String
Default Value -
CommandLineArguments
Description The wc3270 option that can be run during the PSM-OS390 connection session.
Acceptable Values String
Default Value -

PSM-AS400 parameters

To configure PSM-AS400 connection components, specify the following client specific parameters:

SourceFileTemplate
Description

A macro file that contains a list of commands to the client. These commands can be specified with placeholders (in parentheses {}), so that users can specify custom metadata.

The default source file template is a sample. Change this to specify the source file in your environment.

Acceptable Values String
Default Value -
CommandLineArguments
Description The list of WC3270 options that can be run during the PSM-AS400 connection session. Separate multiple options with commas.
Acceptable Values String
Default Value -

Multiline Parameter

These parameters define a dynamic multiline-parameter for a specific client.

Name
Description The name of the parameter.
Acceptable Values String
Default Value
Value
Description The default value of this parameter.
Acceptable Values String
Default Value

Lock Application Window

These parameters define the behaviour of the Lock Application Window process.

Name
Description

Whether or not the application window will be locked on the screen.

This parameter is ignored when the RemoteApp user experience is enabled. For more information, refer to the UseRemoteApp parameter in Privileged Session Management UI

Acceptable Values Yes/No
Default Value Yes
MainWindowTitle
Description Used to identify the main window.
Acceptable Values String
Default Value
MainWindowClass
Description Used to identify the main window.
Acceptable Values String
Default Value
Timeout
Description The time, in milliseconds, to wait for the application window to be displayed.
Acceptable Values Number
Default Value 8000
SearchWindowWaitTimeout
Description The time, in milliseconds, to wait between each iteration when searching for the application window.
Acceptable Values Number
Default Value 30

Supported Capabilities

These parameters define a list of capabilities supported by the connection component.

Capability - A capability supported by the connection component.
Id
Description

The unique ID of a capability. This ID is taken from the list of capabilities configured in the Connection Client Settings in the PSM configuration.

PSM-Toad connections support the following capabilities:

OraclePasswordProtection
SQLLevelAudit
SQLTextRecorder

PSM-SQLPlus connections support the following capabilities:

SQLLevelAudit
SQLTextRecorder

PSM-SSH connections support the following capabilities:

SSHTextRecorder
SSHKeystrokesAudit
LogonAccount
SupportXForwarding
Commands Access Control

PSMP-SSH connection components support the following capabilities:

SSHTextRecorder
SSHKeystrokesAudit
LogonAccount
SSHPasswordHiding
Commands Access Control

PSM-RDP connection components support the following capabilities:

  • WindowsEventsTextRecorder
  • WindowsEventsAudit

PSM-MS-Azure connection components support the following capabilities:

  • WindowsEventsTextRecorder
  • WindowsEventsAudit

PSM-PVWA connection components support the following capabilities:

  • WindowsEventsTextRecorder
  • WindowsEventsAudit

PSM-PTA connection components support the following capabilities:

  • WindowsEventsTextRecorder
  • WindowsEventsAudit

PSM-AWSConsoleWithSTS connection components support the following capabilities:

  • WindowsEventsTextRecorder
  • WindowsEventsAudit

PSMP-SCP connection components support the following capability:

SCPAudit

All other connections support the following capabilities:

KeystrokesAudit
KeystrokesTextRecorder
Acceptable Values String
Default Value
Author: Nicola Considine CPA
