Management server
IIS setup
- Run IIS snap-in, go to Default Web Site\pam section
- Open Configuration Editor in Manage section
- Expand the dropdown list Section:, select system.webServer\security\requestFiltering
- Expand the requestLimits item, set maxQueryString to 8192
- Click Apply in the Actions section
- Go to Default Web Site\pam\core section
- Open Configuration Editor in Manage section
- Expand the dropdown list Section:, select system.webServer\serverRuntime
- Set uploadReadAheadSize to 1048576
- Click Apply in the Actions section
Access server
Setup session collection
- Log on to the server where the Remote Desktop Connection Broker role was deployed, start the Server Manager
- Go to Remote Desktop Services, Collections
- Under Collections, click Tasks and select Create session collections
- Complete the wizard to create a collection with the settings you need.
- Under RemoteApp Programs click Tasks and select Publish RemoteApp Programs
- Click Add, select application \\AccessServerName\c$\Program Files\Indeed\Indeed PAM\Gateway\ProxyApp\Pam.Proxy.App.exe, click Next, Publish
- In the RemoteApp Programs section, open the context menu of the published application and select Edit Properties
- Go to Parameters, set the Allow any command-line parameters option and click OK
Generating secrets, hashes and keys
Generating secret and hash
For the Indeed PAM Core, Indeed PAM Gateway, SSH Proxy and ConsoleApp to interact with the Indeed PAM IdP, you need to generate a secret and its hash.
- Go to Indeed.PAM\Misc\ConsoleApp folder
- Run Command Prompt (CMD)
- Execute Pam.ConsoleApp.exe generate-secret
- Use secret and hash values
Generating SSHProxy host keys
- Go to Indeed.PAM\Misc\ConsoleApp folder
- Run Command Prompt (CMD)
- Execute Pam.ConsoleApp.exe generate-host-key --size 4096
- Use key value
