This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
AdrianJones
Beginner
Beginner
‎2018-12-07 04:22 AM

Authentication Agent Local Challenge Group

Jump to solution

We are planning to use a local challenge group on each Windows machine to hold details of which Users should not be challenged for SecurID credentials via the "Challenge All Users except" policy.

 

Do you have any recommendations/best practice on how to secure the group to stop people simply adding usernames into the group and bypassing SecurID ?

Labels (1)
Labels
0 Likes
Reply
1 Solution

Accepted Solutions
EdwardDavis
Employee
Employee
‎2018-12-07 08:10 AM

Jump to solution

You need to trust your administrators/users who have permissions to manage group membership, or block access using Microsoft settings. Note that if someone can reboot the machine and get into safe mode as an administrator they 'own' that machine, so not making everyone a local administrator will help. Local Users and Groups snap-in can be restricted by Windows policy.

View solution in original post

Reply
1 Reply
EdwardDavis
Employee
Employee
‎2018-12-07 08:10 AM

Jump to solution

You need to trust your administrators/users who have permissions to manage group membership, or block access using Microsoft settings. Note that if someone can reboot the machine and get into safe mode as an administrator they 'own' that machine, so not making everyone a local administrator will help. Local Users and Groups snap-in can be restricted by Windows policy.

Reply
© 2022 RSA Security LLC or its affiliates. All rights reserved.