## Windows Privileged Account Delegation - Cmd/App restriction

Hi,

I know that audit, session capture and replay, risk level rating and AD
authentication are Windows features via RDP relay.

However, how should I do to define specific commands that users will be
able to execute on Windows ? Because Command Control integrates through
a restricted shell on Unix/Linux but there is not an option on Windows,
right ? There are many references which mentions Windows command
execution and Remote privileged command execution. But I don´t know the
way to do it (allow/deny). What does "PUM Run" do ? Is RDP relay
mandatory ?

Please let me know if there is any document which can help me to
understand these PUM features for Windows.