- Mark as New
- Subscribe to RSS Feed
- Report Inappropriate Content
MFA Agent GPO Settings - Issues/questions
Hi all -
I'm currently testing out the MFA agent on my network. I am using two machines currently to test on. I have two different GPO settings giving me issues presently and would love some feedback on what I may be doing wrong.
The two GPO's settings that I am trying to get working correctly are:
1) Specify Remote Desktop Applications that Do Not Require RSA SecurID
2) Enable Reserve Password
I have the MFA Agent installed on two different Windows 10 machines. I have their settings identical. I have the Specify Remote Desktop Applications that Do Not Require RSA SecurID Access Authentication setting Enabled and I included this in the setting for all Windows Versions with the intention of passing over the RSA Authentication from the connecting machine to the other so that the user will not have to reauthenticate when connecting via RDP.
C:\windows\system32\mstc.exe,C:\windows\system32\CredentialUIBroker.exe,C:\Program Files (x86)\Microsoft\Remote Desktop Connection Manager\rdcman.exe
I have tested out RDP'ing between those two VM's to no avail, i am prompted each time for RSA Login.
In regards to the Enable Reserve Password, I generated the hash with the RSA Hash Utility and saved it in both GPO Templates for my two test devices. When I login to either of them, there is no drop down for additional login options. I am not even clear on what i should be seeing as i havent seen any screenshots of what it looks like when working correctly. Either way, there is no option for me to login with a reserve password so as far as i am concerned this setting isn't working either.
Thanks in advance all!