Configuring PRA

In the Configurations tab, you can customize the remote desktop experience for your tenant.

Customize the Keyboard Layout

Keyboard settings for RDP may be needed when the default keyboard is not US English. This setting will apply to all RDP targets by default, but may be overridden for specific remote targets from the Delinea Menu. (Learn more)

To select a keyboard layout:

  1. Click Edit

  2. Select the desired keyboard layout from the dropdown menu.

Font Smoothing

Font smoothing is a technique that can improve the appearance of text on a computer display. When disabled, text over RDP will have jagged edges. Disable this setting if you need to improve performance due to limited network bandwidth. To disable font smoothing: 

  1. Click Edit

  2. Check the Font smoothing box

ClearType must also be enabled on the remote target machine to support font-smoothing.

Kerberos Authentication

This feature is currently available only to customers participating in our public preview. To access public preview features, see Using the Public Preview Program.

PRA supports authentication to Windows RDP targets using Kerberos Tickets which is a stronger form of authentication as compared to NTLM. This feature is also required when using Active Directory Protected Users security groups.

When you select Kerberos authentication, PRA will first try to connect to the Windows target using Kerberos. If authentication with Kerberos fails, PRA will attempt to connect with NTLM.

Secret Template Requirements

Kerberos authentication also depends on the parameters in the secret templates. Below are the requirements for the Windows Account and Active Directory Account templates: 

  • For the Windows Account secret template, the Username must be in UPN format. (e.g. artdecco@mycompany.com)

  • For the Windows Account template, Machine field (target) in FQDN format (e.g. server01.mycompany.com), Username in UPN format (e.g. artdecco@mycompany.com)

  • For Active Directory Account template: Domain and Computer(target) fields in FQDN format (e.g. server01.mycompany.com)

Enabling Kerberos Authentication

To enable Kerberos authentication:

  1. On the Privileged Remote Access Settings page, click on the Configurations tab.

  2. Click Edit.

    1. Check the Enable box under Kerberos authentication.

      When a Secret Server RDP proxy is in use, authentication between the proxy and the PRA engine/workload is done with NTLM, even when Kerberos is enabled with PRA.