SecurID® Discussions

JashUpadhyay
Occasional Contributor

For Administrators How to deny access from accessing file system using various means?

Hi Team,

  1. My concern here is that for RDP we do have two-factor enabled. But if the user accesses the path via ... \\SERVERXXX\C$, are there any means by which we can enable two-factor for them?
  2. Also, an administrator can invoke the tools below from his desktop in Run As Administrator mode, providing the Domain Administrator credentials, to access domain services like:

        - Services.msc - to shut down and start any server services
        - DSA.msc - to add and delete users and computers in Windows AD
        - DNSMGMT.msc - DNS Management
        - DHCPMGMT.msc - DHCP Management
        - GPMC.msc - group policy editing
        - Web console based tools on SCCM management

Can we protect this with 2FA?

Regards

Jash Upadhyay


Accepted Solutions
JayGuillette
Apprised Contributor

Access to \\SERVERXXX\C$ is not something that Authentication Manager protects; our Windows agent protects Credential Providers, which run at the console or remote console. Maybe you could ask RSA Sales about an RFE (Request for Enhancement) to protect \\SERVERXXX\C$, but I thought that was considered a security backdoor.

As to Run As or Run As Administrator, the later versions of the RSA Windows agent, 7.3.3, challenge Run As the same as RDP. In other words, if a user would be challenged for access to the console, they would be challenged in order to do Run As Administrator. You might need to set Access Control on these files or executables to Administrators, and set the RSA agent Challenge to everyone or to all Administrators.

5 Replies
LukaKodric
Trusted Contributor

I'd like to know that too!

JashUpadhyay
Occasional Contributor

Hi Team,

I still have not got any response on this. Kindly update on the query posted.

JashUpadhyay
Occasional Contributor

Hi Jay,

I tried with the latest agent and checked it; it is not working for Run as Administrator (Challenge part). For the agent settings, I have kept (Challenge All Users).

You'd have to look at the agent logs to determine what happens during what should be a challenged 'run as Admin'.

Use the RSA Control Center to set verbose logging.

There are many logs; some for Credential Providers and challenge settings, some for Offline Days (DA = Disconnected Authentication). Note the time the Run As Challenge failed and look at the logs; if you note a symptom, do a search here in RSA Link or open a support case for help.
