Help
FortiSOAR Discussions
Ali_Maher
New Contributor III

Created on ‎08-11-2024 08:33 AM

Action: Logout RDP Session when exceeds the allowed numbers

Hi All,

I hope all is well.

 

We are the progress of creating a use case to check the number of the concurrent RDP session for specific account.

 

Business needs: -

 

1- we have a shared account which is allowed to concurrently login RDP through three servers.

2- we need to disconnect all the RDP sessions once reached to four sessions as that means the credential is compromised.

 

SOAR Automation: -

1- we could recognize the number of the concurrent sessions and we are able to integrate with the active directory.

2- take the " Reset Password " Action to default one preconfigured.

 

But the concurrent sessions of the RDP still connected, and we need to enforce logout them. 

 

FortiSOAR 

#ActiveDirectory

 

@Community 

BR, Ali Maher
BR, Ali Maher
220
0 Kudos
1 REPLY 1
anarula
Staff
Staff

Created on ‎08-11-2024 10:24 PM

Interesting Ask @Ali_Maher .

 

I tried to look into PowerShell options and came across this:

https://github.com/Techsupport4me/David-Powershell/blob/master/Modules/RDS-Manager/RDS-Manager.psm1

 

Disclaimer: I haven't tried it yet, so can't be sure

CTO (SOAR Business) | VP of Engineering
200
Announcements

Welcome to your new FortiSOAR Community!

View More

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.