--- title: Configuring remote desktop access description: When you onboard a cloud account, PingOne Privilege automatically discovers all remote desktop protocol (RDP) instances. component: privilege page_id: privilege:configuration:access-protocols/rdp canonical_url: https://docs.pingidentity.com/privilege/configuration/access-protocols/rdp.html revdate: May 4, 2026 section_ids: step-1-create-a-domain-controller-configuration: "Step 1: Create a Domain Controller Configuration" method-a-for-non-domain-joined-machines: "Method A: For Non-Domain-Joined Machines" method-b-for-domain-joined-machines: "Method B: For Domain-Joined Machines" step-2-bind-the-rdp-instance-to-the-configuration: "Step 2: Bind the RDP Instance to the Configuration" --- # Configuring remote desktop access When you onboard a cloud account, PingOne Privilege automatically discovers all Remote Desktop Protocol (RDP) instances, which are then listed as targets. To enable passwordless access to these targets, you must configure an access method based on whether the target machine is joined to an Active Directory (AD) domain. First, you will create a Domain Controller configuration, which acts as a template for RDP connections. Then, you will bind individual RDP targets to this configuration. ## Step 1: Create a Domain Controller Configuration Choose one of the following methods depending on your target environment. ### Method A: For Non-Domain-Joined Machines For standalone Windows servers, use the Local User mode to store and manage a local administrator account. 1. In the PingOne Privilege admin console, go to **Settings > AD Domain Controllers**. 2. Click **Create New**. 3. Enter a **Name** for this configuration, such as `Standalone Web Servers`. 4. Enable the **Local User Mode** toggle. 5. In the **Username** and **Password** fields, enter the credentials for a local administrator account on the target machine. These credentials will be stored securely in the PingOne Privilege vault. 6. (Optional) Enable **Rotate Passwords** to have PingOne Privilege periodically change this password on the target machine. 7. Configure the auto-approval schedule, specifying when user access requests can be approved automatically. 8. Click **Save**. ![The RDP window.](../_images/remote-desktop-access-1.webp) ### Method B: For Domain-Joined Machines For Windows servers joined to an Active Directory domain, create a configuration that stores domain credentials. 1. In the PingOne Privilege admin console, go to **Settings > AD Domain Controllers**. 2. Click **Create New**. 3. Enter a **Name** for this configuration, such as `Corporate AD Domain`. 4. Ensure the **Local User Mode** toggle is disabled. 5. Enter the credentials for a privileged **Domain Admin** account. This service account is used by PingOne Privilege to manage other users' passwords within the domain. 6. For each standard domain user account you want to manage, click **Add User** and enter their `Username` and `Password`. 7. Select the **Cloud Type** (AWS, GCP, or Azure). This makes the domain controller configuration the default for RDP targets in that cloud provider. 8. (Optional) Enable the **Rotate Passwords** feature. 9. Configure the auto-approval schedule. 10. Click **Save**. ![The Create AD domain controller window.](../_images/remote-desktop-access-2.webp) ## Step 2: Bind the RDP Instance to the Configuration After creating a configuration, you must bind each RDP target to it. 1. In the PingOne Privilege admin console, go to **Access Management > Targets**. 2. Find the target RDP instance and click **More Info**. 3. From the **AD Domain Controller** list, select the configuration you created in the previous step. 4. Enable the **Managed** toggle for the RDP instance. 5. Click **Update**. ![DemoRDP window with Managed toggle and AD domain controlled field highlighted.](../_images/remote-desktop-access-3.webp)