BeyondTrust Jump Client enables privileged users to connect to an unattended or attended remote system to start a session without end-user assistance. The Service desk has increased the count of BeyondTrust licenses to be able to support it as a Bureau-wide standard. The BeyondTrust Jump Client USGS_default application will be deployed to all Windows clients in USGS as a core application in February 2022. The Service Desk will add all IT Staff who are current Bomgar Representatives to the USGS_default Jump group. To request changes, submit a ticket to the Service Desk.
To assist IT Staff and users a new application called “USGS Computer Info” will also be deployed to all Windows Client systems. The application can be found in the start menu, and when the user runs it, a window opens that provides system name and other info that can aid the IT staff in connection to the the machine.
Even though all USGS Windows clients will be in a single USGS Default Jump list, Admin access to each computer is still only be available to those users who have been delegated Admin access. Typically, this will be the local COUA group and -PR and -PRPLUS account holders. See https://tst.usgs.gov/security/best-practices/setting-up-a-privileged-account-strategy-in-active-directory/ for more information.
Required Configurations
The required applications for Bomgar Jump Clients and the Bomgar Representative systems (running Windows Client OSs) are maintained through Enterprise MECM application deployments for the Bureau. No additional configuration should be required to start using the USGS Jump clients. If one of the below requirements is missing, open up a ticket with the Service Desk.
- On the target computer
- BeyondTrust Remote Support Virtual Smart Card Customer
- Remote Jump Client
- On the initiating computer
- BeyondTrust Remote Support Virtual Smart Card Representative
- Representative Console
- Be a member of the USGS Default Jump group
Known Issues
- Jumping on to a computer where the user is logged in w/an RDP session typically results in a black display screen. If a Bomgar session is needed, jump to the user’s primary system (the system used to initiate the RDP session).
- When jumping to a computer with the Representative Console you will not be able to pass PIV card credentials. For administrative actions you will need to use the LAPS password.
Accessing the Jump Client
- Open BeyondTrust Remote Support Representative Console
- The Jump interface appears in the bottom half of the representative console if you are member of the USGS Default Jump Group.
3. When the Client is highlighted, you get a Details pane on the right with some useful information.
4. If a user is logged on your will see their screen in the standard Bomgar session.
5. The session is elevated so that you can see UAC prompts.
6. If the user is not logged in, you will be prompted to log in. The Virtual Smart Card drivers are required for both the Client and Initiating computer. If the client system has “BeyondTrust Remote Support Virtual Smart Card Representative” installed you will not see the option to share your smartcard.
