Operating systems

This topic describes how to configure PSM server connection parameters.

Server connections

Run specific commands on RDP connections

Users can configure a PSM-RDP connection component to start the connection by launching a dedicated application on the target machine. When this dedicated application is closed, the RDP session is closed as well.


Make sure that the Remote Desktop Session Host role is installed.

Make sure you have the required number of RDS CALs to enable you to access the RDS server. For more information, refer to Connect to the PSM server with Microsoft Remote Desktop Services (RDS) Session Host.

The following example shows the list of applications which are configured for RDP connections that are made with the selected account, and which will be launched automatically if used to establish the connection.

If you are working with the RemoteApp UX and you have enabled session video recording, PSM performance is affected by the client machine's resolution. This means as the number of screens on the client machines increases, PSM can support fewer concurrent sessions.

Domain accounts

You can use PSM to access target machines using Windows Domain accounts or UNIX Domain/NIS accounts.


In SSH protocol, there is no foolproof way to ensure the identity of the target machine, which could potentially lead to a security risk. Please take this into consideration when using this feature.

UNIX Domain/NIS platforms

Remote machine access

The Vault administrator can configure a list of addresses of remote machines to which a domain account can be used to connect. When a user tries to connect with this account, the list of addresses is displayed and the user can choose an address from the list. The Vault administrator determines whether the user is only allowed to connect to machines that are in the list of addresses or if they are allowed to connect to other machines as well.

If the user tries to connect to a remote machine which is not allowed to them, an error will appear.


This capability can prevent the ability to use the account to connect to machines which are not in the list through PSM or through the PVWA. It will not prevent access to machines in the domain by other means and therefore should not be used for access control to servers. It is recommended to configure and set appropriate access on the target machines through external controls such as firewalls, domain separation and more.

Define a list of remote machines

Make sure you have configured the relevant domain platform to which you will add the account. For more information, refer to Operating systems.

To add or edit a list of addresses, select one of the following procedures:

Does The Account Exist? Is There An Existing List of Addresses? Use Procedure…
N N Define a list of remote machines to access in a new domain account
Y N Define a list of remote machines to access in an existing domain account
Y Y Edit an existing list of remote machines to access in a domain account

Customize connection history to target machines

You can configure connection history to target machines by customizing connection component settings for PSM sessions. You can either use the predefined settings or customize them to meet your specific requirements.

Multiple target addresses

For scenarios where you would like to access multiple targets using the same account, without using a domain account, you can configure the PVWA to display multiple target addresses for users to select from when they create a request or connect to a remote machine.


This can be configured for Windows and Unix accounts.

Enable X-forwarding for SSH connections

Users can connect to remote SSH devices through PSM using X-Forwarding, in addition to using SSH protocol. As with all PSM connections, users do not need to know the privileged password or key content, and the entire session can be recorded for auditing.

Customize AS400 (iSeries) and OS/390 (Z/OS) emulation parameters

Users can customize PSM-AS400 and PSM-OS390 connections by specifying command line arguments for the WC3270 emulation that is used by PSM.

Users can also configure the AS400 (iSeries) and OS/390 (Z/OS) connection components to connect to AS400 and OS/390 targets with SSL through PSM.

Disable FIPS compliancy enforcement

By default, the AS400 and OS/390 connection components enforce the use of certificates that are FIPS compliant.

You can connect to targets with a certificate that is not FIPS compliant, by using the following procedure.

Keyboard mapping