
Oracle Fusion Middleware : Oracle Identity and Access Management Suite 10g/11gR1/11gR2PS1,PS2,PS3 : OIM | OAM,OAAM,OIF | OID, OVD, DIP | OUD/ ODSEE | Microsoft AD | OpenLDAP | ADF | EBS R12 | OECMCCR4 | Business Intelligence - BI Publisher | Banking | Demo Applications | Core Java | SQL | PLSQL | Web services | Weblogic | Tomcat | JBoss | OHS | WebGate | WebCenter | For any queries, please contact me: info@oratechsoft.com


Monday, 28 July 2025

CyberArk: SSMS20 launch using CyberArk PAM 14.4

 Connect SQL Server Management Studio to CyberArk PSM with Database Authentication

CyberArk Privileged Session Manager (PSM) provides secure and monitored access to sensitive systems, including Microsoft SQL Server. This article walks you through the complete step-by-step setup to enable SQL Server Management Studio (SSMS) connections to SQL databases via CyberArk PSM, using local database authentication.


What You'll Achieve

You’ll configure:

  • SSMS as a PSM connection client

  • AppLocker policies to permit SSMS

  • PVWA connection component with proper parameters

  • Account and security settings for database access


 Prerequisites

Before you begin:

  • PSM must be installed and operational

  • CyberArk PVWA is accessible

  • SSMS installer is downloaded from Microsoft

  • Local database account with permissions is created


Step-by-Step Configuration

 Step 1: Import SQL Server Connection Component

  1. Go to the CyberArk Marketplace.

  2. Download the connection component:
    SQL Server Management Studio with Database Authentication.

  3. Copy files from:

    C:\Program Files (x86)\CyberArk\PSM\Components\Connectors\PSM-SSMSConnetor

    To:

    C:\Program Files (x86)\CyberArk\PSM\Components

Step 2: Install SSMS on the PSM Server

  1. Download SQL Server Management Studio (SSMS) from the Microsoft website.

  2. Install it at:

    C:\Program Files (x86)\Microsoft SQL Server Management Studio 20\Common7\IDE\Ssms.exe

 Step 3: Configure AppLocker for SSMS

  1. Navigate to the PSM Hardening folder:

    C:\Program Files (x86)\CyberArk\PSM\Hardening

  2. Remove the read-only attribute from PSMConfigureAppLocker.xml.

  3. Edit PSMConfigureAppLocker.xml and add an entry for SSMS:

    <Application Name="SSMS20" Type="Exe" Path="C:\Program Files (x86)\Microsoft SQL Server Management Studio 20\Common7\IDE\Ssms.exe" Method="Publisher" />

  4. Save and close the file.

  5. Apply the AppLocker policy:

    CD "C:\Program Files (x86)\CyberArk\PSM\Hardening"
    .\PSMConfigureAppLocker.ps1
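
The PowerShell below is an added example, not part of the original post and not CyberArk code. It checks the Step 3 entry before PSMConfigureAppLocker.ps1 is applied (binary present, signature valid for a Publisher rule, exactly one matching entry) and then queries the effective AppLocker decision afterwards. The function name Test-PsmSsmsRule and the 'Everyone' test user are assumptions; the paths are the ones used in the steps above.

```powershell
# Added example (not CyberArk's code): sanity checks around the SSMS AppLocker rule.
# Paths are the ones used in the steps above.
$Ssms   = 'C:\Program Files (x86)\Microsoft SQL Server Management Studio 20\Common7\IDE\Ssms.exe'
$Config = 'C:\Program Files (x86)\CyberArk\PSM\Hardening\PSMConfigureAppLocker.xml'

function Test-PsmSsmsRule {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$ExePath, [Parameter(Mandatory)][string]$ConfigPath)
    $problems = [System.Collections.Generic.List[string]]::new()

    # The rule is bound to one exact path, so the binary has to be there.
    if (-not (Test-Path -LiteralPath $ExePath -PathType Leaf)) {
        $problems.Add("Executable not found: $ExePath")
    } else {
        # A Publisher rule is derived from the file's signer, so the signature must validate.
        $sig = Get-AuthenticodeSignature -FilePath $ExePath
        if ($sig.Status -ne 'Valid') {
            $problems.Add("Authenticode status is '$($sig.Status)', expected 'Valid'")
        }
    }

    # Find <Application> entries for this path; local-name() ignores any XML namespace.
    [xml]$xml = Get-Content -LiteralPath $ConfigPath -Raw -ErrorAction Stop
    $entries = @($xml.SelectNodes("//*[local-name()='Application']") |
        Where-Object { $_.GetAttribute('Path') -ieq $ExePath })

    if ($entries.Count -eq 0) { $problems.Add('No Application entry references the SSMS path') }
    if ($entries.Count -gt 1) { $problems.Add("$($entries.Count) entries reference the SSMS path") }
    foreach ($e in $entries) {
        if ($e.GetAttribute('Type') -ne 'Exe' -or $e.GetAttribute('Method') -ne 'Publisher') {
            $problems.Add("Entry '$($e.GetAttribute('Name'))' is not Type=Exe / Method=Publisher")
        }
    }
    return $problems
}

$issues = @(Test-PsmSsmsRule -ExePath $Ssms -ConfigPath $Config)
if ($issues.Count) { $issues | ForEach-Object { Write-Warning $_ } } else { 'Rule entry looks consistent.' }

# After PSMConfigureAppLocker.ps1 has run: ask AppLocker for its decision on Ssms.exe.
# 'Everyone' is a placeholder; test with the account your PSM sessions actually run as.
Get-AppLockerPolicy -Effective |
    Test-AppLockerPolicy -Path $Ssms -User 'Everyone' |
    Select-Object FilePath, PolicyDecision, MatchingRule
```

A PolicyDecision other than Allowed for the session account means the SSMS launch will be blocked on the PSM server even though the connection component is configured.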

Step 4: Configure Account Settings in PVWA

While onboarding the target database account, define:

| Parameter | Value |
|---|---|
| Username | Local database user (e.g., sa) |
| Address | Hostname/IP or FQDN of the SQL server |


Step 5: Configure Connection Component Settings

In PVWA → Connection Components, configure:

🔸 Target Settings

| Parameter | Description | Default |
|---|---|---|
| ClientInstallationPath | Path to ssms.exe | C:\Program Files (x86)\Microsoft SQL Server Management Studio 20\Common7\IDE\Ssms.exe |
| WindowLoadTimeout | Time to load Connect window (in sec) | 500 |
| CmdLineParmsHideTimeout | Cmd parameter hide delay (ms) | 20000 |
| ClientErrorTimeout | Wait time for error (sec) | 30 |
| ApplicationStartTimeout | App launch timeout (ms) | 500000 |
| Timeout | Wait for app window (ms) | 8000 |
| SSMSErrorMessageDisplayDuration | Display error pop-up duration (ms) | 30000 |
| MainWindowTitle | (Optional) App main window title | - |
| MainWindowClass | (Optional) App main window class | - |

🔸 Encryption Settings

| Parameter | Description | Default |
|---|---|---|
| Encryption | Enforce encrypted connection | Mandatory |
| TrustServerCert | Trust self-signed SQL cert | No |
| HostNameInCertificate | SQL server hostname (required if TrustServerCert = No) | FQDN |

🔸 Optional

| Parameter | Purpose |
|---|---|
| AllowMappingLocalDrives | Allow drive mapping during session |


Happy Learning !!
