RSA SecureID Windows Authentication Agent 7.x Causing Windows Logon Options To Display Incorrectly
3 years ago
Originally Published: 2016-07-27
Article Number
000064937
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Agent for Windows
RSA Version/Condition: 7.x
Platform: Windows
O/S Version: 2008 Server R2 Enterprise (64 bit)
 
Issue
Windows Logon Options policy incorrectly displays the last logon time and number of failed logon attempts.
Logon always displays the current time instead of the last logon time, and always display zero failed logon attempts.
Last logon and failed logon info displays correctly if SecureID is uninstalled.

GPO:
Computer Configuration > Administrative Templates > Windows Components > Windows Logon Options
OR
User Configuration > Administrative Templates > Windows Components > Windows Logon Options

User-added image
 
Cause
This is a default behaviour with how the Auth Agent handles Failed authentications.
Resolution
Add the following Registry key:
 
  1. Create a DWORD value PreserveFailedAuthHistory under
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\RSA\RSA Desktop\Common Settings
  2. Set the value to 1 to display information about previous logons.
Workaround
Another way is to used the attached GPO template and enable it to have the same effect.

Related Articles

Trending Articles

Don't see what you're looking for?