Windows Internals

After you install the server agent and enroll the server, the server agent creates local server accounts for all Okta Privileged Access users that are part of the related project. On Windows, these accounts are disabled unless a connection is active.

On Windows, a related access broker process is responsible for proxying Remote Desktop Protocol (RDP) connections. Using port 4421, this process is required to allow successful RDP connections to the server. For more information, see Configure the Okta Privileged Access server agent.

Server Configuration

On Windows, the Okta Privileged Access server agent runs under the LocalSystem account. You can control the Okta Privileged Access server agent by manually creating a configuration file. On Windows, this file must be manually created at C:\Windows\System32\config\systemprofile\AppData\Local\scaleft\sftd.yaml. For details, see Configure the server agent.

Server Connections

You can open an RDP connection with the rdp command (sft rdp <server-name> ).

Paths

Information related to the Okta Privileged Access server agent installation is stored within the AppData\Local\ folder.

• State directory: C:\Windows\System32\config\systemprofile\AppData\Local\scaleft
• Configuration file: C:\Windows\System32\config\systemprofile\AppData\Local\scaleft\sftd.yaml
  Note: You must manually create the configuration file.
• Log directory: C:\Windows\System32\config\systemprofile\AppData\Local\scaleft\Logs
  Note: Log files are rotated after 5MB and only the 10 most recent log files are kept.
• Enrollment token: C:\Windows\System32\config\systemprofile\AppData\Local\scaleft\enrollment.token