Using ScaleFT with Windows requires installing the ScaleFT Server Tools on the server, and Client Tools on the client. See below for directions.
Once the ScaleFT Server Tools are installed on the server and the server is enrolled, the ScaleFT Agent (sftd) does two
The Access Broker uses TLS 1.2 to authenticate all clients using client certificates that can only be issued by the ScaleFT platform.
In order to establish an RDP connection, the ScaleFT client:
The RDP client connects to the local TCP port and is forwarded to the RDP service on the server. The RDP server is able to automatically authenticate as the user without any further prompting.
When the user logs out, the agent will automatically disable their account.
Server configuration follows the same principles as it does on Linux.
In order to enroll the server using an enrollment token, write the token to:
Alternatively, if you are using AWS, you can associate your AWS account with a ScaleFT project.
ScaleFT Server Tools installers are available here.
ScaleFT Server Tools can be automatically installed on AWS using the following userdata script. If you are using an enrollment token, be sure to replace the value of $enrollment_token. If you have associated your AWS account with your ScaleFT project, you can omit the first half of the script, which is responsible for writing the enrollment token.
<powershell>
# Write the Enrollment Token
$enrollment_token = "ENROLLMENT TOKEN GOES HERE"
$enrollment_token_path = "C:\windows\system32\config\systemprofile\AppData\Local\ScaleFT\enrollment.token"
New-Item -ItemType directory -Path (Split-Path $enrollment_token_path -Parent)
$enrollment_token | Out-File $enrollment_token_path -Encoding "ASCII"

# Install ScaleFT Server Tools
$installer_url = "https://dist.scaleft.com/server-tools/windows/latest/ScaleFT-Server-Tools-latest.msi"
$installer_path = [System.IO.Path]::ChangeExtension([System.IO.Path]::GetTempFileName(), ".msi")
(New-Object System.Net.WebClient).DownloadFile($installer_url, $installer_path)
msiexec.exe /qb /I $installer_path
</powershell>
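A hardened variant of the install half of the script above, as an added example that is not ScaleFT's own code: it forces TLS 1.2 for the download, checks the MSI's Authenticode signature before running it, and waits for msiexec so a failed install is visible. It assumes the installer is Authenticode-signed; the function name Test-InstallerSignature and the $expected_signer value are hypothetical, and the signer subject is a placeholder you must fill in after verifying it out of band.

```powershell
# Added example (not ScaleFT's script): verify the downloaded MSI before installing it.
$ErrorActionPreference = "Stop"

# Assumption: placeholder. Set to the full certificate subject you have verified out of band.
$expected_signer = "EXPECTED SIGNER SUBJECT GOES HERE"

function Test-InstallerSignature {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedSigner
    )
    $sig = Get-AuthenticodeSignature -FilePath $Path
    # Status must be Valid: the file hash matches and the certificate chain is trusted.
    if ($sig.Status -ne [System.Management.Automation.SignatureStatus]::Valid) {
        Write-Warning "Signature status is $($sig.Status)"
        return $false
    }
    # Pin the signer so a validly signed MSI from another publisher is rejected.
    $subject = $sig.SignerCertificate.Subject
    if ($subject -ne $ExpectedSigner) {
        Write-Warning "Unexpected signer: $subject"
        return $false
    }
    return $true
}

# Older Windows PowerShell builds may not negotiate TLS 1.2 by default.
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12

$installer_url = "https://dist.scaleft.com/server-tools/windows/latest/ScaleFT-Server-Tools-latest.msi"
$installer_path = [System.IO.Path]::ChangeExtension([System.IO.Path]::GetTempFileName(), ".msi")
(New-Object System.Net.WebClient).DownloadFile($installer_url, $installer_path)

if (-not (Test-InstallerSignature -Path $installer_path -ExpectedSigner $expected_signer)) {
    Remove-Item $installer_path -Force
    throw "Installer signature check failed; not installing."
}

# Wait for msiexec and surface a failed install instead of returning immediately.
$proc = Start-Process msiexec.exe -ArgumentList "/qb", "/i", "`"$installer_path`"" -Wait -PassThru
if ($proc.ExitCode -notin 0, 3010) {   # 3010 = success, reboot required
    throw "msiexec exited with code $($proc.ExitCode)"
}
```

When used as AWS userdata, this replaces the "Install ScaleFT Server Tools" half inside the <powershell> tags; the enrollment token half is unchanged.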
Windows Client installers are available here.
Once the client is installed it must be enrolled into your team by running
To RDP to a server using ScaleFT, run:
sft rdp <server-name>
If you need to traverse one or more bastions, use --via arguments, such as:
sft rdp --via <first.bastion> --via <second.bastion> <server>
The configuration format used by the agent is the same on Windows as it is on Linux. See the sftd reference for details.