netwrix · zoeycastillo · Nov 25, 2025 · Nov 17, 2025 · Nov 18, 2025 · Nov 24, 2025
@@ -6,7 +6,8 @@ keywords:
   - certificate installation
   - SbPAM
 sidebar_label: Configure Proxy for RDP Connections
-tags: []
+tags:
+  - certificate-management
 title: "Configure Proxy for RDP Connections (Install/Update Certificate to Prevent RDP Certificate Warnings)"
 knowledge_article_id: kA04u0000000HRRCA2
 products:
@@ -25,7 +26,7 @@ This article outlines the process for installing or updating a certificate to pr
 
   > **IMPORTANT:** The Certification Authority's post-deployment configuration must be completed after installing both prerequisite roles.
 
-  ![Certification Authority post-deployment configuration dialog with required options visible](./images/servlet_image_22726c8e5cb9.png)
+  ![Certification Authority post-deployment configuration dialog with required options visible](./../0-images/servlet_image_22726c8e5cb9.png)
 
 - The domain must have the **Enrollment Policy** set to enable automatic enrollment and renewal. The **Certificate Enrollment Policy** for user and computer certificates is configured in the **Group Policy** snap-in under **Default Domain Policy** (or another group policy applied to all systems that will access an NPS server on a group-by-group basis). To configure this:
 
@@ -38,29 +39,29 @@ This article outlines the process for installing or updating a certificate to pr
 
 > **NOTE:** If you already have a certificate to install, you can skip to the **Adding the Certificate to Each SbPAM Proxy Server** section below.
 
-1. Open **Certification Authority**, open your CA, right-click **Certificate Templates**, and click **Manage**.  
-   ![Certification Authority console with Certificate Templates context menu open](./images/servlet_image_ebb3b2e4c66a.png)
+1. Open **Certification Authority**, open your CA, right-click **Certificate Templates**, and click **Manage**.
+   ![Certification Authority console with Certificate Templates context menu open](./../0-images/servlet_image_ebb3b2e4c66a.png)
 
-2. In the **Certificate Templates Console**, right-click **Workstation Authentication**, and click **Duplicate Template**.  
-   ![Certificate Templates Console with Duplicate Template option highlighted](./images/servlet_image_e3eecaa55357.png)
+2. In the **Certificate Templates Console**, right-click **Workstation Authentication**, and click **Duplicate Template**.
+   ![Certificate Templates Console with Duplicate Template option highlighted](./../0-images/servlet_image_e3eecaa55357.png)
 
-3. On the **General** tab, change the name to **Client-Server Authentication** and enable the **Publish certificate in Active Directory** checkbox.  
-   ![General tab of template properties with name and publish option highlighted](./images/servlet_image_35245db9daa9.png)
+3. On the **General** tab, change the name to **Client-Server Authentication** and enable the **Publish certificate in Active Directory** checkbox.
+   ![General tab of template properties with name and publish option highlighted](./../0-images/servlet_image_35245db9daa9.png)
 
-4. On the **Subject Name** tab, enable the **Supply in the request** radio button.  
-   ![Subject Name tab with Supply in the request option selected](./images/servlet_image_2b1a501d40fd.png)
+4. On the **Subject Name** tab, enable the **Supply in the request** radio button.
+   ![Subject Name tab with Supply in the request option selected](./../0-images/servlet_image_2b1a501d40fd.png)
 
-5. On the **Extensions** tab, select **Application Policies** and click **Edit**. Click **Add**, then select **Server Authentication**. Click **OK** until you return to the **Properties of New Template** dialog.  
-   ![Extensions tab with Application Policies and Server Authentication highlighted](./images/servlet_image_9ccee298858e.png)
+5. On the **Extensions** tab, select **Application Policies** and click **Edit**. Click **Add**, then select **Server Authentication**. Click **OK** until you return to the **Properties of New Template** dialog.
+   ![Extensions tab with Application Policies and Server Authentication highlighted](./../0-images/servlet_image_9ccee298858e.png)
 
-6. On the **Security** tab, select **Domain Computers** and enable the checkbox to allow **Autoenroll**. Click **OK** and then close the Certificate Templates Console.  
-   ![Security tab with Domain Computers and Autoenroll option checked](./images/servlet_image_d2bd2889a956.png)
+6. On the **Security** tab, select **Domain Computers** and enable the checkbox to allow **Autoenroll**. Click **OK** and then close the Certificate Templates Console.
+   ![Security tab with Domain Computers and Autoenroll option checked](./../0-images/servlet_image_d2bd2889a956.png)
 
-7. Back in **Certification Authority**, right-click **Certificate Templates**, hover over **New**, and click **Certificate Template to Issue**.  
-   ![Certification Authority with Certificate Template to Issue option highlighted](./images/servlet_image_4e7a38bb30d6.png)
+7. Back in **Certification Authority**, right-click **Certificate Templates**, hover over **New**, and click **Certificate Template to Issue**.
+   ![Certification Authority with Certificate Template to Issue option highlighted](./../0-images/servlet_image_4e7a38bb30d6.png)
 
-8. Select **Client-Server Authentication** and click **OK**.  
-   ![Certificate Template selection dialog with Client-Server Authentication selected](./images/servlet_image_d8afec47d2b9.png)
+8. Select **Client-Server Authentication** and click **OK**.
+   ![Certificate Template selection dialog with Client-Server Authentication selected](./../0-images/servlet_image_d8afec47d2b9.png)
 
 9. On the desktop, create a text file named **request.inf** with the following content (replace the **red** text with your server certificate name):
 
@@ -95,44 +96,44 @@ This article outlines the process for installing or updating a certificate to pr
     certreq -new request.inf rdp.csr
     ```
 
-    ![Command Prompt showing certreq command execution](./images/servlet_image_117381e3f99f.png)
+    ![Command Prompt showing certreq command execution](./../0-images/servlet_image_117381e3f99f.png)
 
-11. To sign the certificate request, use your preferred signing mechanism. The following example uses Active Directory Certificate Services (`https://<servername>/certsrv`).  
-    ![Certificate Services web enrollment home page](./images/servlet_image_c706e5610294.png) ![Certificate Services advanced certificate request page](./images/servlet_image_0f3e849ec385.png)
+11. To sign the certificate request, use your preferred signing mechanism. The following example uses Active Directory Certificate Services (`https://<servername>/certsrv`).
+    ![Certificate Services web enrollment home page](./../0-images/servlet_image_c706e5610294.png) ![Certificate Services advanced certificate request page](./../0-images/servlet_image_0f3e849ec385.png)
 
     Click **Request a certificate**, then click **advanced certificate request**.
 
-12. Open the saved certificate signing request (**rdp.csr**) from the previous step in Notepad. Copy the certificate request into the **Saved Request** field. Select **Client-Server Authentication** from the **Certificate Template** dropdown. Click **Submit**.  
-    ![Certificate request submission form with fields filled](./images/servlet_image_21d63c042bef.png)
+12. Open the saved certificate signing request (**rdp.csr**) from the previous step in Notepad. Copy the certificate request into the **Saved Request** field. Select **Client-Server Authentication** from the **Certificate Template** dropdown. Click **Submit**.
+    ![Certificate request submission form with fields filled](./../0-images/servlet_image_21d63c042bef.png)
 
     Leave other settings at default values, and click **Submit**.
 
-13. Select **DER encoded** and click **Download certificate**.  
-    ![Certificate download page with DER encoded option selected](./images/servlet_image_ff7ee6960cb2.png)
+13. Select **DER encoded** and click **Download certificate**.
+    ![Certificate download page with DER encoded option selected](./../0-images/servlet_image_ff7ee6960cb2.png)
 
-14. Open the downloaded certificate and select **Install Certificate**. Proceed with all default values and complete the wizard.  
-    ![Certificate installation wizard with default options](./images/servlet_image_9751657fe7cd.png)
+14. Open the downloaded certificate and select **Install Certificate**. Proceed with all default values and complete the wizard.
+    ![Certificate installation wizard with default options](./../0-images/servlet_image_9751657fe7cd.png)
 
-15. To export the certificate, view certificates for the current user by launching **certmgr.msc** using the Windows **Run** menu.  
-    ![Windows Run dialog with certmgr.msc entered](./images/servlet_image_f5c0eb62aa44.png)
+15. To export the certificate, view certificates for the current user by launching **certmgr.msc** using the Windows **Run** menu.
+    ![Windows Run dialog with certmgr.msc entered](./../0-images/servlet_image_f5c0eb62aa44.png)
 
-    Right-click the installed certificate (the certificate using the **Client-Server Authentication** template) and click **Export...**.  
-    ![Certificate export context menu](./images/servlet_image_4f237c8e6acb.png)
+    Right-click the installed certificate (the certificate using the **Client-Server Authentication** template) and click **Export...**.
+    ![Certificate export context menu](./../0-images/servlet_image_4f237c8e6acb.png)
 
-16. In the **Certificate Export Wizard**, change the **Export Private Key** option to **Yes, export the private key**.  
-    ![Certificate Export Wizard with Export Private Key option selected](./images/servlet_image_9a7649f21943.png)
+16. In the **Certificate Export Wizard**, change the **Export Private Key** option to **Yes, export the private key**.
+    ![Certificate Export Wizard with Export Private Key option selected](./../0-images/servlet_image_9a7649f21943.png)
 
 17. For **Export File Format**, select **Personal Information Exchange - PKCS #12 (.PFX)**. Select the following checkboxes:
 
     - Include all certificates in the certification path if possible
     - Enable certificate privacy
 
-    ![Export File Format options with PKCS #12 and checkboxes selected](./images/servlet_image_491abdc2366b.png)
+    ![Export File Format options with PKCS #12 and checkboxes selected](./../0-images/servlet_image_491abdc2366b.png)
 
 18. For **Security**, enter a password of your choosing and select the AES256-SHA256 encryption option (3DES is no longer recommended by NIST).
 
-    > **IMPORTANT:** For **File to Export**, the file name **must** be **rdp.pfx**. If it is named anything else, importing the .pfx file on each proxy server will not work.  
-    ![Export dialog with rdp.pfx file name entered](./images/servlet_image_808a1a23eec9.png)
+    > **IMPORTANT:** For **File to Export**, the file name **must** be **rdp.pfx**. If it is named anything else, importing the .pfx file on each proxy server will not work.
+    ![Export dialog with rdp.pfx file name entered](./../0-images/servlet_image_808a1a23eec9.png)
 
 19. This certificate can now be imported to each SbPAM Proxy Server.
 
@@ -148,7 +149,7 @@ This article outlines the process for installing or updating a certificate to pr
    "C:\Program Files\Stealthbits\PAM\ProxyService\sbpam-proxy.exe" ca import -p [PATH]\rdp.pfx
    ```
 
-   ![Command Prompt showing sbpam-proxy.exe ca import command](./images/servlet_image_07c7409683d2.png)
+   ![Command Prompt showing sbpam-proxy.exe ca import command](./../0-images/servlet_image_07c7409683d2.png)
 
 3. The new certificate has now been imported to an SbPAM Proxy Server. Repeat this process for all SbPAM Proxy Servers if using more than one. (The default installation of SbPAM uses one proxy service on the SbPAM server itself; however, additional proxy services can be distributed.)
 
@@ -6,7 +6,8 @@ keywords:
   - Netwrix Enterprise Auditor
   - permissions
 sidebar_label: Confirm Permissions for AD Domain Controllers
-tags: []
+tags:
+  - permissions-and-access
 title: "How to Confirm Permissions for Active Directory > 5. Domains > 0.Collection > AD_DomainControllers"
 knowledge_article_id: kA0Qk0000001hNtKAI
 products:

@@ -15,7 +15,8 @@ keywords:
 products:
   - onesecure
 sidebar_label: Password Never Expires Report Shows Incorrect Data
-tags: []
+tags:
+  - troubleshooting
 title: "Password Never Expires Report Shows Incorrect Data"
 knowledge_article_id: kA0Qk0000000YkrKAE
 ---

@@ -6,7 +6,8 @@ keywords:
   - PowerShell Remoting
   - WinRM
 sidebar_label: Troubleshoot Failed Action Service Connections
-tags: []
+tags:
+  - troubleshooting
 title: "Troubleshoot Failed Action Service Connections to Windows Resources (PSRemoting/WinRM)"
 knowledge_article_id: kA04u0000000HiICAU
 products:
@@ -86,7 +87,7 @@ There are Group Policy settings used to filter the origin of WinRM requests via
 
 Learn more about the **Allow remote server management through WinRM** Group Policy setting in [Configure Remote Management in Server Manager − Enabling or Disabling Remote Management ⸱ Microsoft 🡥](https://learn.microsoft.com/en-us/windows-server/administration/server-manager/configure-remote-management-in-server-manager#enabling-or-disabling-remote-management).
 
-![Windows Group Policy: Allow remote server management through WinRM](./images/servlet_image_16fc9e2e2432.png)
+![Windows Group Policy: Allow remote server management through WinRM](./../0-images/servlet_image_16fc9e2e2432.png)
 
 ### Allow full control to Remote Management Users