000012084 - RSA SecurID prompt does not appear when connecting with Remote Desktop Protocol RDP on Windows Server 2012 with RSA Authentication Agent 7.2.1 or 7.3.1 for Windows

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support on Apr 15, 2019
Version 5Show Document
  • View in full screen mode

Article Content

Article Number000012084
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Agent
RSA Version/Condition: 7.2.1, 7.3.1
O/S Version: Windows 2012
IssueThe RSA SecurID prompt does not appear when connecting with RDP on Windows 2012, or users can bypass RSA SecurID Credential Provider because the Microsoft Password Credential Provider is available and not hidden:
 
Credential Providers too many
Cause

The customer has disabled Microsoft Password Credential Provider, which disables the excluding of Microsoft Credential Provider. This allows the RDP client to bypass the SecurID authentication and explains why the user does not get an RSA SecurID prompt even though the challenge was enabled.

Resolution
  1. From Run or the Windows icon in the taskbar, click Start > Windows PowerShell > gpedit to launch  local group policy editor.


Powershell

Alternatively, search for Group Policy Editor in Windows



    



  1. On the left panel, navigate to Administrative Templates > Classic Administrative Templates RSA Desktop > Credential Provider Filter Settings 
  2. Set the Microsoft Password Credential Provider to Not configured.
    Cred Provider RSA only

gpedit



  1. Connect with an RDP client as an RSA SecurID challenged user. The user will be able to see the RSA SecurID prompt and successfully authenticate.  Only the RSA Credential Providers will show now.
Legacy Article IDa64071

Attachments

    Outcomes