Configuring Session Recording

Root > Secret Server > Session Recording
Updated for Secret Server 8.5+
During a recorded RDP or PuTTY session, Secret Server requires a codec to create the movie.  You will need to ensure that the codec you selected is correctly installed on the same machine as Secret Server.  It does not need to be installed on any client machines where session recording is occurring.  
Available codecs:
  • Microsoft Video 1 (Testing Only)
    • Microsoft Video 1 has been deprecated in favor of Microsoft Video 9 and should not be used for production
  • Microsoft Video 9
    • High level of compression and quality. Requires Windows Media Player. This option produces comparable size video to Xvid for moderate activity in an RDP session.
    • Note: On Windows Server 2008 and above, Window Media Player can be installed by adding Desktop Experience from the features in Server Manager. 
  • DivX (Deprecated)
    • Secret Server no longer supports the DivX Codec.
  • Xvid
    • Xvid provides a similar level of quality and compression to DivX, and is freely available.  You can find more information on Xvid here.  This option produces approximately 20 MBs of video for 1 hour of moderate activity in an RDP session.
  • Cinepak (Deprecated)
    • This is installed on most Windows machines, however it provides a somewhat lower level of compression than DivX or Xvid, if it is not installed it can be downloaded from the web.  This produces approximately 320 MBs of video for 1 hour of moderate activity in an RDP Session.
64-bit vs 32-bit Requirements:
Note that Microsoft Video 1, Microsoft Video 9, and Xvid are the only codecs that will run in a 64-bit process. If another codec is chosen, Secret Server's Application Pool must be set to run as a 32-bit process in IIS.
Enabling Session Recording:
Once the codec is installed, you can enable session recording and select it by going to Administration->Configuration->Session Recording, choosing your preferred option under "Video Codec", and turning on session recording.  Additionally you must turn Session Recording on for each Secret it needs to apply to under the "Security" tab. Once session recording is enabled on a secret, Secret Server will record that session when the launcher is used. To view the recorded session after it is completed, click the "View Audit" button on the secret screen and then the "Download Session Recording" link in the details column.
To use the launcher, click the launch button on the secret view page.
Session Recording Configuration Settings:
The option "Save Videos To":
  • Database: Stores the information from a recorded session as Encrypted data to your database.
  • Disk: Stores the recorded session as an unencrypted video file directly to the specified folder path.
The option "Enable Archiving to Disk":
  • After the specified number of days have passed, all recorded session information in your database will be transferred to the specified folder path as Unencrypted video files and cleared from the database.
The option "Enable Deleting":
  • After the specified number of days have passed, all recorded session information in your database will be cleared and any related video files in your archive path will be deleted.
Note that to Save Videos to Disk or Archive to Disk, the Application Pool Service Account must have Write permissions to the specified file path.
Note that to Delete videos from the archive path, the Application Pool Service Account must have Modify permissions.
Note that after saving a change to Configuration->Session Recording, the configurations for Save to Disk and Delete will immediately be applied to all existing session recordings.
Using Network Share Path:
In a clustered environment Secret Server will need to use a network path if saving the files to disk. All nodes will need access to the path to read the videos back to the user.
To archive or save to a file path that is a network share instead of a local folder:
  • The Secret Server IIS Application Pool must be running as a Service Account. Follow this KB article for instructions.
  • You must  grant access to the network share (using Windows ACLs) to the account running the Secret Server IIS Application Pool

Add Feedback