Access Guide

Windows Desktop Access

Secure Windows Desktop access with certificate authentication, session recording, and browser-based RDP. No VPN or shared credentials required.

Estimated time: 20 minutes

Key Features

Certificate Auth

No shared passwords or credentials

AD Integration

Works with Active Directory

Session Recording

Record and replay RDP sessions

Browser Access

Access via web browser, no client needed

Capabilities

Certificate-based RDP authentication

Active Directory integration

Session recording and playback

Clipboard and file transfer controls

Multi-monitor support

Browser-based access

Session sharing for collaboration

Just-in-time access requests

Setup Steps

Deploy Windows Desktop Agent

Install the TigerAccess agent on Windows servers.

# Download and install agent (PowerShell)
Invoke-WebRequest -Uri https://get.tigeraccess.io/agent.msi -OutFile agent.msi
msiexec /i agent.msi /quiet

# Configure agent
tigeraccess configure \
  --auth-server=auth.company.com:3025 \
  --labels=env=production,team=platform

Register Windows Desktop

Add Windows desktops to TigerAccess.

tacctl create -f - <<EOF
kind: windows_desktop
metadata:
  name: win-server-1
  labels:
    env: production
    team: platform
spec:
  addr: 10.0.0.50
  domain: company.local

  # Use certificate-based auth
  ad_domain: COMPANY
  ldap_ca: /etc/tigeraccess/ad-ca.crt
EOF

Configure Desktop Access Role

Define who can access which Windows desktops.

tacctl create -f - <<EOF
kind: role
metadata:
  name: windows-admin
spec:
  allow:
    windows_desktop_labels:
      env: [production]
    windows_desktop_logins: [Administrator, "{{internal.windows_logins}}"]

  options:
    max_session_ttl: 4h
    record_session:
      default: strict
EOF

Access Windows Desktops

Connect to Windows desktops through TigerAccess.

# Login
tac login --proxy=access.company.com

# List available desktops
tac desktop ls

# Connect via web browser
tac desktop open win-server-1

# Or use the desktop client
tac desktop connect win-server-1 --user=Administrator

Windows Desktop Access Configured

With Windows Desktop access configured, you have:

Certificate-based RDP authentication
Active Directory integration
Complete session recording
Browser-based access from anywhere

Related Guides

Session Recording

Record RDP sessions

Just-in-Time Access

Temporary desktop access

PAM

Privileged access controls