000012084 - SecurID prompt does not appear when connecting with Remote Desktop Protocol RDP on Windows Server 2012

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000012084
Applies ToRSA Authentication Agent 7.2.1, 7.3.1
Windows 2012
IssueSecurID prompt does not appear when connecting with RDP on Windows 2012, or Users can bypass RSA SecurID Credential Provider because the Microsoft Password Credential Provider is available and not hidden
Credential Providers too many
Cause

Customer has disabled Microsoft Password Credential Provider. This disables the excluding of Microsoft Credential Provider. This allows the RDP Client to bypass the SecurID authentication. This is the reason why user does not get SecurID prompt even though the challenge was enabled.

Resolution

1.Start --- > Windows PowerShell ---- > gpedit ---- > This will launch  local group policy editor.
Powershell
    
or search for Group Policy Editor in Windows
gpedit


2. On the left panel -- > Navigate to Administrative Templates ---- > Classic Administrative Templates --- >  RSA Desktop --- > Credential Provider Filter Settings ---- > Set the Microsoft Password Credential Provider to 'Not configured'.
gpedit
3. Connect with RDP client as SecurID challenged user. User will be able to get SecurID prompt and successfully authenticate.  Only the RSA Credential Providers will show now

Cred Provider RSA only

Legacy Article IDa64071

Attachments

    Outcomes