WINSCP as application file transfer from user machine to RDS server

Attaching WINSCP configuration screen shot

​@immi563 

It would be better for the user to use WinSCP with SFTP directly from their desktop to proxy to the server using the Password Safe direct connect string.

But if you want to continue with the application on Password Safe, create a file share on the RemoteApp server and have your users put their files there. That way, when the application is launched, they can select the file share directory on WinSCP and transfer to the target system.

Hi @Paulitros 

thanks for the response.  We have some restriction on our environment as we cannot use direct connection option as it bypasses azure MFA and customer doesn’t want to use TOTP. Hence we have use the winscp as application .

If we create the network path , then when session will be established by BT, it will be done via RDS functional account . In such case , different users will be able to view and access each other file and it will be security issue for us .  Hence want to understand how can we restrict this .

Hello ​@immi563 

If you are wanting to copy files from your desktop to the target server you can use WinSCP from your desktop with Direct Connect. 

When making a direct connect connections you specify most of the connection information in a connection string in the username field. Something like "Domain\UserName@root@ManagedSystem@Appliance_IP"
Note: You need auto approve enabled to make the connection.
You can find more details on direct connect here.
https://docs.beyondtrust.com/bips/docs/ps-ssh-rdp-connections#use-direct-connect-for-ssh-and-rdp-session-requests

For example to use direct connect in WinSCP to transfer files.

1. Open WinSCP and in the Login box click "New Site"
2. For the file protocal choose SFTP
3. For the Host Name enter the hostname of your U3 appliance. 
4. For Port enter 4422
5. For the User Name enter the direct connect connection string. "Domain\UserName@ManagedAccount@ManagedSystem"

For example in this connection string:

"Domain\UserName@root@centos

I am authenticating as Domain\UserName,
And I will be logging in to the managed system "centos" using the managed account "root"

You can save the password for Domain\UserName or leave it blank and you will be prompted for it. This would be the same account you login to Password Safe with.

In Password Safe you will need to enable SFTP to get the connection to work.
Have a look at this kb 
https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&sysparm_article=KB0017393

Note: When using WinSCP in a proxied session use the SFTP Protocol and not the SCP protocol. 
Warning: Using SCP protocol in a proxied WinSCP session can cause high CPU and other issues.
Have a look at this KB for details.
https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&sysparm_article=KB0016961

Hi Jchandler , 

thanks for response . 

We have some restriction on our environment as we cannot use direct connection option as it bypasses azure MFA and customer doesn’t want to use TOTP. Hence we have use the winscp as application .

We have to go with winscp as application option only. How will used move file from his machine to RDS server is blocker for us .

You could use the command menu in WinSCP to create a file share that uses that user's own account to a directory that only belongs to him, like this:

cmd /C net use Z: \\FileServer\FinanceShare YourPassword /user:DOMAIN\RunAsUser

Then the user would change the directory to this mapped one during their sessions, and everything would work out. That is the only way I could think of.

Of course, the user themselves would need to do this manually, or you could set this as a favorite command for the user to only change the username and password used to map the directory.

Sorry, I can't think of another way for now.