Question

RDP file downloaded shared with other users

  • May 15, 2026
  • 4 replies
  • 45 views


Hi All

I need to verify the below query. In our production environment, under global settings, the session initialization timeout is set to 60 sec. We need to change it to 90 seconds to meet a customer requirement.

However, we need clarity: if a user tries to access a Windows server and the downloaded RDP file is shared with another user, will the other user be able to access the server if the time span is less than 90 sec?

Does BT have any algorithm that checks that the RDP file is only accessible from the machine from which it originated?

Any pointer on this will be very helpful. Any supporting KB article will surely help.

Thanks in advance.

Regards,

Imran

4 replies

  • BeyondTrust Employee
  • May 15, 2026

Hello ​@immi563 

If someone does share the RDP file and the person it's shared with runs it before the timeout expires, they will be able to open the session.

In an Access Policy you could specify a local restriction.

 


  • Author
  • Trailblazer
  • May 15, 2026

Hi John,

 

Thanks for the response. If, under the location restriction, the IP addresses of both users are present, then will sharing the RDP file allow the session to be established?

Is this not a security issue? As per my understanding, there should be an implicit restriction, since the IP address from where the RDP file is downloaded and from where it is launched will be different?

Let me know your views on the same.

 

Regards,

Imran 


GloriaB
  • BeyondTrust Employee
  • May 25, 2026

The token remains valid for 60 seconds by default, which is defined in Configuration > Privileged Access Management > Global Settings > Session initialization timeout. Once the session expires or the token has been consumed, the file can no longer be used to establish a connection.


Because the RDP file contains an embedded authentication token, it is possible for anyone who receives the file — through forwarding, sharing, or accidental exposure — to open an RDP connection to the target system within the token's validity window. This bypasses the approval and authentication controls provided by Password Safe.


RDP session files should be treated with the same level of care as a password. They should not be shared, forwarded, or stored in an accessible location such as a shared drive or email inbox.
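
The token behaviour described in the replies above, as a small Python model. This is an added example, not part of any reply and not BeyondTrust code. It assumes the location restriction behaves as a source-address allowlist; `bind_to_origin` is a hypothetical control of the kind the question asks about, and all IP addresses are constructed.

```python
"""Toy model (assumption, not BeyondTrust code) of a bearer session token in an RDP file."""
import secrets
from dataclasses import dataclass


@dataclass
class Token:
    issued_at: float
    issued_to_ip: str
    consumed: bool = False


class Broker:
    def __init__(self, init_timeout=60, allowed_ips=None, bind_to_origin=False):
        self.init_timeout = init_timeout      # "Session initialization timeout", seconds
        self.allowed_ips = allowed_ips        # location restriction; None = no restriction
        self.bind_to_origin = bind_to_origin  # hypothetical control the thread asks about
        self.tokens = {}

    def issue(self, requester_ip, now):
        value = secrets.token_urlsafe(16)     # stands in for the token embedded in the file
        self.tokens[value] = Token(now, requester_ip)
        return value

    def redeem(self, value, source_ip, now):
        tok = self.tokens.get(value)
        if tok is None:
            return "deny: unknown token"
        if tok.consumed:
            return "deny: token already consumed"
        if now - tok.issued_at > self.init_timeout:
            return "deny: token expired"
        if self.allowed_ips is not None and source_ip not in self.allowed_ips:
            return "deny: outside location restriction"
        if self.bind_to_origin and source_ip != tok.issued_to_ip:
            return "deny: launched from a different address than the download"
        tok.consumed = True
        return "allow"


def scenario(init_timeout, allowed_ips, bind_to_origin, launch_ip, delay):
    """User A (10.0.0.5, constructed) downloads the file; someone launches it after `delay` s."""
    broker = Broker(init_timeout, allowed_ips, bind_to_origin)
    token = broker.issue("10.0.0.5", now=0)
    first = broker.redeem(token, launch_ip, now=delay)
    second = broker.redeem(token, "10.0.0.5", now=delay + 1)  # original user tries afterwards
    return first, second
```

In this model, a launch from a second address 75 seconds after download is denied with a 60-second timeout and allowed with a 90-second one, and an allowlist that contains both users' addresses does not stop the shared file from working.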

 


GloriaB
  • BeyondTrust Employee
  • May 26, 2026