Windows Internals
Before you begin
After you install the server agent and enroll the server, the server agent creates local server accounts for all Okta Privileged Access users that are part of the related project. On Windows, these accounts are disabled unless a connection is active.
On Windows, a related access broker process is responsible for proxying Remote Desktop Protocol (RDP) connections. This process uses port 4421 and is required for RDP connections to the server to succeed. For more information, see Configure the Okta Privileged Access server agent.
Server Configuration
On Windows, the Okta Privileged Access server agent runs under the LocalSystem account. You can control the server agent with a configuration file, which you must create manually at C:\Windows\System32\config\systemprofile\AppData\Local\scaleft\sftd.yaml. For details, see Configure the server agent.
Server Connections
You can open an RDP connection with the rdp command (sft rdp <server-name>).
When you connect with the Windows RDP client, the title bar may display the loopback IP address (for example, 127.0.0.1).
Paths
Information related to the Okta Privileged Access server agent installation is stored within the AppData\Local\ folder.
- State directory:
C:\Windows\System32\config\systemprofile\AppData\Local\scaleft
- Configuration file:
C:\Windows\System32\config\systemprofile\AppData\Local\scaleft\sftd.yaml
Note: You must manually create the configuration file.
- Log directory:
C:\Windows\System32\config\systemprofile\AppData\Local\scaleft\Logs
Note: Log files are rotated after 5MB and only the 10 most recent log files are kept.
- Enrollment token:
C:\Windows\System32\config\systemprofile\AppData\Local\scaleft\enrollment.token
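A read-only audit of the paths and port listed on this page, added here as an example and not taken from Okta's documentation. It assumes an elevated 64-bit PowerShell session, that only LocalSystem and the local Administrators group should hold Allow entries on the agent's files, and that the access broker keeps a TCP listener on port 4421; the function name Get-UnexpectedAce is hypothetical.

```powershell
# Added example (not Okta's code). Run in an elevated 64-bit PowerShell session.
$StateDir = 'C:\Windows\System32\config\systemprofile\AppData\Local\scaleft'
$Items = [ordered]@{
    StateDirectory  = $StateDir
    ConfigFile      = Join-Path $StateDir 'sftd.yaml'
    LogDirectory    = Join-Path $StateDir 'Logs'
    EnrollmentToken = Join-Path $StateDir 'enrollment.token'
}
# Assumption of this example: only LocalSystem (S-1-5-18) and the local
# Administrators group (S-1-5-32-544) should hold Allow entries on these paths.
$ExpectedSids = @('S-1-5-18', 'S-1-5-32-544')

function Get-UnexpectedAce {
    param([Parameter(Mandatory)][string]$Path)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Resolve ACEs to SIDs so the check also works on localized Windows builds.
    (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $ExpectedSids -notcontains $_.IdentityReference.Value
        }
}

foreach ($name in $Items.Keys) {
    $path = $Items[$name]
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Output "$name : missing ($path)"
        continue
    }
    $extra = @(Get-UnexpectedAce -Path $path)
    $detail = ($extra | ForEach-Object { "$($_.IdentityReference) = $($_.FileSystemRights)" }) -join '; '
    if ($extra.Count -eq 0) { $detail = 'no unexpected Allow entries' }
    Write-Output "$name : present, $detail"
}

# Rotation stated on the page: 5 MB per file, 10 most recent files kept.
if (Test-Path -LiteralPath $Items['LogDirectory']) {
    $logs = @(Get-ChildItem -LiteralPath $Items['LogDirectory'] -File)
    $largestMB = [math]::Round((($logs | Measure-Object Length -Maximum).Maximum) / 1MB, 2)
    Write-Output "Logs: $($logs.Count) file(s), largest $largestMB MB"
}

# Assumption: the access broker holds a TCP listener on 4421 while it is running.
$listeners = @(Get-NetTCPConnection -LocalPort 4421 -State Listen -ErrorAction SilentlyContinue)
if (-not $listeners) { Write-Output 'Port 4421: no listener found' }
foreach ($l in $listeners) {
    $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
    Write-Output "Port 4421: $($l.LocalAddress) owned by PID $($l.OwningProcess) ($($proc.ProcessName))"
}
```

A 32-bit PowerShell host is redirected from System32 to SysWOW64 and will report every item as missing, which is why the 64-bit session matters.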