SQL Server Management Studio

Add SQL Server Management Studio to your desktop app catalog to allow Privileged Access Service administrators to configure which users are allowed to connect to SQL database instances that reside on a remote application host system. Users can log in to remote desktop applications with specified credentials and without having to check out a password. Delinea Privileged Access Service uses standard command-line architecture to pass account parameters and credentials to desktop applications running under remote desktop services. Additionally, detailed information about user activity on the host application system can be captured on the systems you choose to audit.

SQL Server Management Studio Prerequisites

Before you configure Desktop Applications in the Admin Portal for remote access, you need to make sure your environment meets the following requirements:

  • A standalone Windows Server with Remote Desktop Services deployed. In Remote Desktop Services, you need to:

    • Publish the desktop application to your remote desktop collection.

    • Configure desktop application parameters to Allow any command-line parameters. This enables the Privileged Access Service command line functionality.

      Delinea recommends that you do not run remote desktop services on the same Windows Server that includes the Delinea Connector.

  • One or more of the following Privileged Access Service administrator rights to access the Apps tab in Admin Portal (also see Admin Portal administrative rights):

    • Privileged Access Service User

    • Privileged Access Service Power User

    • Privileged Access Service Administrator

  • The application host must have View permission.

  • Application Management administrator right to access Apps > Add Desktop Apps.

  • Desktop App administrator has Grant permissions for account objects that are specified as arguments in a command line.

  • If you configure the remote desktop app host login to use Shared account credentials, the Desktop App administrator must have Grant permission for the user associated with the Shared Host Login account.

  • An active SQL Server Management Studio account with the following minimum permissions: Login permissions to the target SQL Server Management Studio Server instance and Connect permissions to the target SQL Server Management Studio Database.

Configuring SQL Server Management Studio

The following steps are specific to this application and are required in order to manage application access to SQL Server Management Studio.

  1. In the Admin Portal, click Apps, and then Desktop Apps to add the SQL Server Management Studio application.

  2. Click Add Desktop App to open the Add Desktop Apps wizard.

  3. Next to the application you want to add, click Add.

    You can also use the Search tab to find an application. Enter the partial or full application name in the Search field and click the search icon.

  4. In the Add Desktop App screen, click Yes to confirm.

  5. Click Close to exit the Application Catalog.

    The application that you just added opens to the Application Settings page.

  6. On the Application Settings page, specify the following settings:

    Option: Application Host

      Description: To add an application host system with a database instance:

      • Click Select next to the Application Host text box to select the relevant remote host system.

      • Start typing the system name into the search box and select the system you want to add. Systems that you have View rights to are displayed.

      • Click Done. The relevant remote host system is displayed in the text box.

    Option: Host Login Credentials

      Description: Select one of the following login methods to be used when launching the RDP connection to the application host system:

      • User's Active Directory credential: Select this option to allow users to log in to the application host system using their AD credentials. To configure this option you also need to make sure that Securely capture users passwords at login is enabled in Settings > Authentication > Security Settings.

      • Select Alternative Account: Select this option to allow users to log in to the application host system using their alternative account. If only one alternative account is available, then selecting Launch from the Admin Portal proceeds directly to a login screen. If more than one alternative account is available, you need to first select which account to use to log in to the application host system, and then click Continue. For information on alternative accounts, see Discovering alternative accounts.

      • Prompt for username and password: Select this option to allow users to log in to the application host system using their own Windows credentials. Selecting Launch from the Admin Portal prompts the user for their Windows User Name and Password.

      • Shared Account: Select this option to allow users to log in to the application host system using shared accounts. Administrators must have the Grant permission for the shared account in order to configure the account for access. Selecting this option means that all users use the same shared account in order to access the application host system. Delinea recommends that you use a different Windows account for each Desktop App configuration using a shared account to avoid session conflicts. Click Select next to the Shared Account text box to select the relevant account. Start typing the system name into the search box. Available shared accounts are displayed. Select the shared account you want to have access to the host system. Click Done. The shared account is displayed in the text box.

  7. Locate the Alias name in the remote desktop server (Server Manager > Remote Desktop Services > Alias column) for the published application and enter the information into the Application Alias field in the Admin Portal.

    The default setting for SQL Server Management Studio is Ssms. If your configuration does not use the default alias, you will need to modify the default setting to reflect your configuration.

  8. (Optional) Select the database and user account arguments to be used in the command line when launching the application host system.

    These arguments instruct the application host system how to access the application and replace the placeholders in the command line string below.

    Argument: database

      Description: To configure the database argument:

      • Click Select in the database row to select the relevant database.

      • Start typing the database name into the search box. Available databases are displayed.

      • Click the database that you want to access.

      • Click Select.

    Argument: user

      Description: To configure the user argument:

      • Click Select in the user row to select a relevant user account.

      • Start typing the account name into the search box. Available user accounts are displayed.

      • Click the user name that you want to have access to the application host system.

      • Click Select.

  9. (Optional) Enter command line arguments for {database.FQDN}\{database.InstanceName} {user.User} {user.Password} in the command string.

    Linked object placeholders are available and are displayed as {argumentName.linkedObjectAttribute}.

    When this field is configured with command line arguments, it passes the credential and target database information to the desktop application so that it can launch and log in to the application host system. Use the command line arguments in the field above to replace the placeholders in the string provided. When you launch the application, the placeholders are replaced with the specified database and user arguments.

  10. (Optional) On the Description page, you can:

    • Add a unique name and description for each supported language instance.

    • Change the name, description, and logo for the application.

  11. Configure the following Desktop App pages as needed. Click Save at the bottom of each page to save your changes.
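
The placeholder substitution described in steps 8 and 9, modelled in Python as an added example that is not part of the original page or of Delinea's product code. The host, instance, account and password values are constructed, and the redacted copy and the error handling are assumptions of this example.

```python
import re

# Placeholder syntax from the page: {argumentName.linkedObjectAttribute}
PLACEHOLDER = re.compile(r"\{(\w+)\.(\w+)\}")
SECRET_ATTRIBUTES = {"Password"}  # attributes masked in the display copy


def expand(template, arguments):
    """Return (expanded, redacted) command-line strings.

    `arguments` maps an argument name (step 8) to the attributes of the
    object linked to it. An unknown name or attribute raises ValueError
    rather than leaving a literal placeholder in the launched command.
    """
    def substitute(match, redact):
        name, attr = match.group(1), match.group(2)
        if name not in arguments:
            raise ValueError(f"argument {name!r} is not configured")
        if attr not in arguments[name]:
            raise ValueError(f"{name!r} has no attribute {attr!r}")
        if redact and attr in SECRET_ATTRIBUTES:
            return "********"
        return str(arguments[name][attr])

    expanded = PLACEHOLDER.sub(lambda m: substitute(m, False), template)
    redacted = PLACEHOLDER.sub(lambda m: substitute(m, True), template)
    return expanded, redacted


# Command string from step 9 of the page.
TEMPLATE = r"{database.FQDN}\{database.InstanceName} {user.User} {user.Password}"

# Constructed sample objects; hypothetical values, not from the page.
SAMPLE_ARGUMENTS = {
    "database": {"FQDN": "sql01.example.test", "InstanceName": "PAYROLL"},
    "user": {"User": "svc_reports", "Password": "Constructed-Pw-123"},
}

if __name__ == "__main__":
    full, shown = expand(TEMPLATE, SAMPLE_ARGUMENTS)
    print(shown)  # the redacted copy is the one suitable for logs
```

The expanded string carries the password in clear text, which is why the example also returns a redacted copy for display or logging.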