000023567 - How to protect desktop or laptop PC in a Microsoft Windows domain using RSA SecurID two-factor authentication

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000023567
Applies ToRSA Authentication Agent 6.1.1 for Microsoft Windows
Local Authentication Client (LAC)
RSA Authenticator Utility (RAU) 1.1
RSA SecurID SID800 Authenticator (USB token)
Microsoft Windows XP Professional SP2
Microsoft Windows 2000 Professional SP4
Microsoft Windows domain controller (DC)
IssueHow to protect desktop or laptop PC in a Microsoft Windows domain using RSA SecurID two-factor authentication
ResolutionA registered desktop or laptop PC (member workstations) in a Microsoft Windows domain can be protected with RSA SecurID two-factor authentication using RSA Authentication Agent 6.1.1 for Windows - Local Authentication Client (LAC).
NOTE: Users who wish to use RSA SecurID SID800 Authenticator (USB token) must install RSA Authentication Utility version 1.1 (RAU) prior to installing RSA Authentication Agent 6.1 for Microsoft Windows Local Authentication Client (LAC)
IMPORTANT: Do not make any configuration changes to the RAU after installation; just perform the RAU installation, reboot, and install RSA Authentication Agent 6.1.1 for Microsoft Windows Local Authentication Client (LAC)
Member workstations that use DHCP to acquire IP addresses also must install the auto-registration module. This enables the RSA Authentication Agent to auto-register its name and IP address in the RSA Authentication Manager's database.
Local Authentication Client and Auto-Registration is selected during the RSA Authentication Agent 6.1 for Windows installation during a custom setup. Do not do a typical installation of the agent software.
Screenshot showing the expected options to select while installing RSA Authentication Agent:

NOTE: Auto-registration sets up the agent host entry by default as 'Open to all locally known users', 'Enable Offline Authentication', and 'Enable Windows Password Integration'. Refer to the RSA Authentication Manager Administrator?s Guide or online help for further information on these configurable options.
Screenshot showing agent host configuration:

Configuration changes are required in RSA Authentication Manager. Windows Password Integration and agent host auto-registration must be enabled under System Parameters. Refer to the RSA Authentication Manager Administrator?s Guide or online help for further information on these configurable options.
Screenshot providing an example of System Parameters:

Screenshot providing an example of an Offline Authentication configuration:

RSA Security provides product documentation with the software or alternatively product documentation can be found on RSA SecurCare Online at this location, or click Documentation > Guides & Manuals > RSA SecurID in the left navigation menu.
Documentation References:
- RSA Authentication Agent 6.1.1 for Microsoft Windows Installation and Administration Guide is available on the RSA Authentication Agent 6.1 for Microsoft Windows software CD-ROM or in the .ZIP package if the software is downloaded from RSA SecurCare Online
- RSA Authentication Manager 6.1 Administrator's Guide is available from the /aceservdoc/ directory of the RSA Authentication Manager 6.1 software CD-ROM
1. RSA Authentication Agent 6.1.1 for Microsoft Windows Local Authentication Client (LAC) installation - RSA Authentication Agent 6.1.1 for Microsoft Windows Installation and Administration Guide, Chapter 4, page 53 - Configuring Local Authentication
2. Agent auto-registration - RSA Authentication Agent 6.1.1 for Microsoft Windows Installation and Administration Guide, Appendix B, page 133 - Automated Registration of Agent Hosts
3. Required changes to RSA Authentication Manager - RSA Authentication Manager 6.1 Administrator's Guide, Chapter 3, page 59 - Setting Up Offline Authentication and Password Integration
Where to get the software:
RSA Authentication Agent 6.1.1 for Microsoft Windows (RSA Authentication Agent 6.1 for Windows + Patch 1) and RSA Authentication Utility (RAU) 1.1 software is available for download from RSA SecurCare Online:
RSA Authentication Agent for Microsoft Windows 6.1: In the left navigation menu, select Downloads > Software Upgrades > enter license number at the bottom of the screen and click the button to proceed to Download Central where you can download the software
- RSA Authentication Agent for Microsoft Windows 6.1 Patch 1: In the left navigation menu, select Downloads > Fixes by Product > RSA SecurID > Authentication Agent 6.x > RSA Authentication Agent 6.1 for Microsoft Windows - Patch 1 Update
- RSA Authentication Utility (RAU) 1.1: In the left navigation menu, select Downloads > All Downloads > RSA SecurID > Tools > RSA Authenticator Utility 1.1 Build 13
 
Legacy Article IDa30928

Attachments

    Outcomes