This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
NathanBrown2
Beginner
Beginner
‎2018-03-01 08:39 AM

Windows 8 Pro allowing users to bypass RSA

Jump to solution

I have some Windows 8 Professional laptops I just installed the RSA Authentication Agent x64 on.  However, after rebooting and each boot afterwards when I press back arrow next to the user icon I see 4 options for logging in.  2 contain the RSA black logo offering the current login and other user, the other two have the default white icon with the current user's ID on it and the other with Other User, like the RSA icons.  The problem is, I can select the windows icon for the current or other user and log straight on in.  No typing PIN and RSA SecurID number.  Has anyone experienced this?  Does anyone have a suggestion?    Thank you, Nathan.

Labels (1)
Labels
0 Likes
Reply
1 Solution

Accepted Solutions
JayGuillette
Apprised Contributor Apprised Contributor
Apprised Contributor
‎2018-03-01 12:44 PM

Jump to solution

Nathan,

What you are seeing is the Windows Password Credential Provider in addition to the SecurID Credential Provider.  The RSA Windows agent install is designed to disable the display of all other Credential Providers so users are forced to go through the RSA Credential Provider with the Black logo.

You need to disable the Windows Password Credential provider, either through the Registry or with a GPO, which Erica referenced above.  The closest solution we have for reference is how to disable the Windows Smart Card Credential Provider, 

https://community.rsa.com/docs/DOC-46900 

so if you kind of follow this one, but translate Smart Card to Windows Password, you should be able to achieve what is needed here, to allow filtering out of Windows Password CP, to disable display of it.

View solution in original post

Reply
4 Replies
EricaChalfin
Employee (Retired) Employee (Retired)
Employee (Retired)
‎2018-03-01 10:00 AM

Jump to solution

Nathan Brown‌,

 

Have you reviewed the RSA Authentication Agent 7.3.3 for Microsoft Windows Group Policy Object Template Guide for information on configuring challenge options on the agent?

 

This guide describes how to use Group Policy Object templates to configure RSA Authentication Agent 7.3.3 for Microsoft Windows. For example, you can use a policy template to define how users authenticate, define challenge groups, and set the logon field label.

 

Also, check out the RSA Authentication Agent Help files within the agent's RSA Control Center to learn how to enable tracing on the agent.  These logs are helpful if you need to contact support to assist you in resolving your issue.

 

 

Regards,

Erica

Reply
JayGuillette
Apprised Contributor Apprised Contributor
Apprised Contributor
‎2018-03-01 12:44 PM

Jump to solution

Nathan,

What you are seeing is the Windows Password Credential Provider in addition to the SecurID Credential Provider.  The RSA Windows agent install is designed to disable the display of all other Credential Providers so users are forced to go through the RSA Credential Provider with the Black logo.

You need to disable the Windows Password Credential provider, either through the Registry or with a GPO, which Erica referenced above.  The closest solution we have for reference is how to disable the Windows Smart Card Credential Provider, 

https://community.rsa.com/docs/DOC-46900 

so if you kind of follow this one, but translate Smart Card to Windows Password, you should be able to achieve what is needed here, to allow filtering out of Windows Password CP, to disable display of it.

Reply
NathanBrown2
Beginner
Beginner
In response to JayGuillette
‎2018-03-01 01:29 PM

Jump to solution

Thanks for the info. Sounds like what I am looking for. I will pull it up on my phone as our internet provider experienced a fiber cut.

I will update this email to the resolution or continued difficulties.

 

Thank you,

 

Nathan Brown

IT Tech Support Specialist

Louisiana Office of Student Financial Assistance

Baton Rouge, LA 70802 (225)219-7636

0 Likes
Reply
NathanBrown2
Beginner
Beginner
‎2018-03-07 10:38 AM

Jump to solution

Thank you for the excellent help.  The profile via the group policy is what ended up helping me.

Thanks again!

0 Likes
Reply
© 2022 RSA Security LLC or its affiliates. All rights reserved.