After a user RDPs to a server, what group policies does an Admin need to only allow the SID 800 hardware token as the only logon option?
What is the best way to:
1) Only have the RSA SID 800 logon option on the Windows logon page when users RDP into a specific server. What Group Policies do I have to have enabled or disabled?
2) Remove the additional challenge for Windows logon credentials after being authenticated by RSA.
In the end, what I want to achieve is to be able to have a user Remote Desktop into a server, be challenged by RSA for two-factor authentication, and then have access to the server as per normal.
Thanks
Accepted Solutions
Hello Andre,
To have only the RSA SID 800 enabled, please follow the steps below:
1) gpedit.msc
2) Go to Administrative Templates -> Classic Administrative Templates (ADM) -> RSA Desktop -> Credential Provider Filter Settings
3) Then change the Setting to 'Enabled' for all the Settings except the one that you want to appear on the logon screen.
4) Then open Windows cmd and type gpupdate /force and press Enter.
5) Log off from the desktop and try to log in again.
There is no way to bypass the Windows password authentication, but you can use the 'Windows Password Integration' option from RSA.
You can configure RSA Authentication Agent for Microsoft Windows so that the Windows password is integrated into the SecurID logon process. When you configure Authentication Agent in this way, users provide their Windows passwords only during their initial online authentication.
You can configure that option from the Security Console: click Authentication > Policies > Offline Authentication Policies > Manage Existing, then enable the Windows Password Integration option.
So kindly check and advise us back if there is any assistance needed from our side.
Best Regards,
This helped thx!
