RSA SecureID Windows Authentication Agent 7.x Causing Windows Logon Options To Display Incorrectly

3 years ago

Originally Published: 2016-07-27

Article Number

000064937

Applies To

RSA Product Set: SecurID
RSA Product/Service Type: Authentication Agent for Windows
RSA Version/Condition: 7.x
Platform: Windows
O/S Version: 2008 Server R2 Enterprise (64 bit)

Issue

Windows Logon Options policy incorrectly displays the last logon time and number of failed logon attempts.
Logon always displays the current time instead of the last logon time, and always display zero failed logon attempts.
Last logon and failed logon info displays correctly if SecureID is uninstalled.

GPO:
Computer Configuration > Administrative Templates > Windows Components > Windows Logon Options
OR
User Configuration > Administrative Templates > Windows Components > Windows Logon Options

User-added image

Cause

This is a default behaviour with how the Auth Agent handles Failed authentications.

Resolution

Add the following Registry key:

Create a DWORD value PreserveFailedAuthHistory under
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\RSA\RSA Desktop\Common Settings
Set the value to 1 to display information about previous logons.

Workaround

Another way is to used the attached GPO template and enable it to have the same effect.

Don't see what you're looking for?

Potential Impact from Salesforce Device Activation Change

Related Articles

Trending Articles