This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
EverettCulberts
Beginner
Beginner
‎2019-11-22 11:35 AM

How can I challenge all users except my .\Administrator (local admin)?

Jump to solution

I want my agents to challenge all users except my Local Administrator on each box.  I know that I can challenge all users except the Administrator Group but our group policy has Domain.com/Domain Administrators in each Local Administrators group.  Because of this, I can still log on with my Domain Admin account without being challenged.  However, at our other site, it works as desired.  Group policy matches at both sites.  Both sites use active directory for user acct's and groups.  What am I missing?  Why does Site 1 challenge all users except Local Admin and Site 2 challenges all users except Local and Domain Admins?

Labels (1)
Labels
0 Likes
Reply
1 Solution

Accepted Solutions
SrirangaPrasan1
Employee
Employee
In response to EverettCulberts
‎2019-11-27 05:00 AM

Jump to solution

This needs additional details and verbose logs from the agent side to check about the user group enumeration during the process of authentication.

Ensure that when you do tests on Site1 and Site2, you are running the latest version of RSA Windows Agent

https://community.rsa.com/docs/DOC-106864 

 

Kindly open a case for further review and investigation. Refer 000036161 - How to open a technical support case via the Case Management portal on RSA Link.

 

-Sri

View solution in original post

0 Likes
Reply
2 Replies
EverettCulberts
Beginner
Beginner
‎2019-11-22 11:37 AM

Jump to solution

I'm looking for a Group Policy or settings fix here, not to build another AD group. 

0 Likes
Reply
SrirangaPrasan1
Employee
Employee
In response to EverettCulberts
‎2019-11-27 05:00 AM

Jump to solution

This needs additional details and verbose logs from the agent side to check about the user group enumeration during the process of authentication.

Ensure that when you do tests on Site1 and Site2, you are running the latest version of RSA Windows Agent

https://community.rsa.com/docs/DOC-106864 

 

Kindly open a case for further review and investigation. Refer 000036161 - How to open a technical support case via the Case Management portal on RSA Link.

 

-Sri

0 Likes
Reply
© 2022 RSA Security LLC or its affiliates. All rights reserved.