Windows Remote App Launcher

PAM provides the ability to configure secure high trust application logins for remote application proxies using the Windows Remote Desktop Services RemoteApp functionality available in Windows Server. To learn more about this Windows Remote Desktop services technology, click here.

In addition to Windows RDS, PAM  also supports the launching of remote apps using TSplus.

Cases and scenarios

The following use cases and scenarios are covered when configuring PAM to use your Windows RemoteApp infrastructure:

  • Provides end-users the ability to securely login and use Remote Applications without providing their native privileged credentials.
  • Easily capture video and keystroke recordings of all activity during their remote application sessions.
  • Quickly share access using permissions and workflows to ensure users have access to the remote applications during the times when they need it the most.
  • Assign policies to securely rotate passwords using time, event or automated actions.

Remote App Launcher work

Remote App Launcher works with your existing Windows Desktop Services RemoteApp environment by:

  1. Creating a secure connection to your Windows Desktop Services RemoteApp host.
  2. Executing a script from this host using a Published application to launch only the user’s desired remote application.
  3. Securely entering the credentials for the remote application without fully disclosing them to the user.
  4. Once authenticated, enabling controls (mouse and keyboard) for the user so they can utilize the remote application.
  5. Recording keystrokes and (optionally) video of the user’s session with the remote application.


To use the Remote App Launcher, the following pre-requisites are required:

  1. Fully implemented, configured and working Windows Remote Desktop Services Host. If you have not deployed a Windows Remote Desktop Services host yet, there are many online tutorials available with this one being an example:,-remoteapp-on-windows-server-2
  2. The credentials entered into the System Remote App Host record must be included in the Collections properties as a member of User Group.
  3. The XTAutoShell program must be installed and made a Published RemoteApp Program.
  4. Both the Drives and Clipboard options must be enabled in the RDS Collection’s Client Settings configuration (shown in the screenshot below).


Remote Applications articles

To get started using PAM to securely manage Remote Applications, please review the following articles:

How to configure Remote App Hosts and Records in XTAM using Windows RDS (Getting Started Guide)

How to configure Remote App Hosts and Records in XTAM using TSplus (Getting Started Guide)

How to create your own Remote App Launcher record type