How to check Microsoft Windows Group Policy Objects (GPOs) for RSA MFA Agents
a year ago
Article Number
000073295
Applies To

RSA ID Plus

RSA SecurID

RSA MFA Agent for Microsoft Windows - all versions

RSA MFA Agent for Microsoft ADFS - v2.0 and later

RSA MFA Agent for Microsoft IIS - v3.0 and later

RSA MFA Agent for Epic Hyperdrive - v2.0 or later

Issue

This article explains how to check which RSA MFA Agent GPO policies have been applied to a Microsoft Windows computer.

Tasks

From Windows PowerShell (run as Admin) on the machine with the RSA MFA Agent that you want to check:

  1. If it is a domain-attached computer, fetch the most recent GPO settings from the domain controller, and apply them to the local computer.

gpupdate /force

  2. Generate an HTML report file, showing the current GPO settings applied to the computer.

gpresult /scope computer /h folder\gpresult.html

where folder should be the name of any folder on the machine where the gpresult.html file should be saved, e.g. c:\temp. If folder has spaces in it, use double-quotes, e.g.

gpresult /scope computer /h "c:\Users\My Name\Downloads\gpresult.html"

  3. In Windows File Explorer, navigate to folder, then double-click the gpresult.html file. The file will open in the default web browser.

  4. When viewing the gpresult.html file in a web browser, use the Show and Hide links on the right to expand and close sections in the file. RSA MFA Agent GPO settings should be under Computer Details > Settings > Policies > Administrative Templates > RSA Desktop. The Winning GPO column on the right of each setting will show where the machine got that GPO setting from (local or a domain policy).

  5. Click any RSA policy name to see a pop-up help window for the policy.

  6. To find where the machine is getting all applied GPO settings from, look under Computer Details > Group Policy Objects > Applied GPOs.
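The same check can be scripted when several machines need comparing. The following is an added example, not RSA's own tooling: it exports the computer-scope report as XML with gpresult /x and lists each setting whose category contains "RSA" together with its winning GPO. The output path, the "RSA" category match (taken from the RSA Desktop path above), and the XML element names (Policy, Name, State, Category, GPO, Path, Identifier) are assumptions about the report layout; verify them against a report from your own environment.

```powershell
# Added example (not from the original article). Run from an elevated PowerShell prompt.
$report = Join-Path $env:TEMP 'gpresult.xml'   # assumed output location
gpresult /scope computer /x $report /f          # /x = XML report, /f = overwrite existing file
if ($LASTEXITCODE -ne 0) { throw "gpresult failed with exit code $LASTEXITCODE" }

$rsop = New-Object System.Xml.XmlDocument
$rsop.Load($report)                             # Load() honours the file's declared encoding

# Return the text of the first child element with this local name (namespaces ignored).
function Get-ChildText($node, [string]$name) {
    $child = $node.SelectSingleNode("*[local-name()='$name']")
    if ($child) { $child.InnerText } else { '' }
}

# Build a GPO identifier -> display name map from the applied GPO list (assumed layout).
$gpoNames = @{}
$gpoPath  = "//*[local-name()='ComputerResults']/*[local-name()='GPO']"
foreach ($gpo in $rsop.SelectNodes($gpoPath)) {
    $id = $gpo.SelectSingleNode("*[local-name()='Path']/*[local-name()='Identifier']")
    if ($id) { $gpoNames[$id.InnerText] = Get-ChildText $gpo 'Name' }
}

# Administrative Templates settings whose category mentions RSA (e.g. "RSA Desktop").
$policyPath = "//*[local-name()='Policy'][*[local-name()='Category'][contains(., 'RSA')]]"
$rows = foreach ($policy in $rsop.SelectNodes($policyPath)) {
    $idNode  = $policy.SelectSingleNode("*[local-name()='GPO']/*[local-name()='Identifier']")
    $winning = '(unknown)'
    if ($idNode) {
        $winning = $idNode.InnerText            # fall back to the raw identifier
        if ($gpoNames.ContainsKey($winning)) { $winning = $gpoNames[$winning] }
    }
    [pscustomobject]@{
        Category   = Get-ChildText $policy 'Category'
        Setting    = Get-ChildText $policy 'Name'
        State      = Get-ChildText $policy 'State'
        WinningGPO = $winning
    }
}

if (-not $rows) {
    Write-Warning "No settings with an RSA category were found in $report."
} else {
    $rows | Sort-Object Category, Setting | Format-Table -AutoSize -Wrap
}
```

An empty result means no RSA Administrative Templates settings reached this machine at computer scope, which is worth confirming in the HTML report before assuming the agent is running on defaults.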


Resolution

When requesting RSA Support assistance with Microsoft Windows-based RSA MFA Agent issues, consider sending to Support the gpresult.html file from an affected machine.