Remote Desktop Connection Applications (Vmware)
I have installed the RSA Agent version 7.4.4 on a Vmware machine running MS WS2016. I want RSA to challenge all remote requests except for those coming from Vmware's web console. There is a policy setting called Remote Desktop Connection Applications which allows you to enter a list of applications which RSA will not challenge. What is the exe used by Vmware to utilize the web console. And would this work so that authenticated internal users on Vsphere would not have to use RSA (in case RSA is not working).
- Auth Agent
- Authentication Agent
- Community Thread
- Forum Thread
- RSA SecurID
- RSA SecurID Access
I'm just starting to test using the Windows Agent, so I don't have much experience, but my understanding of the Remote Desktop Connection Applications setting is different than yours. I believe the setting affects the Remote Desktop Client, not the Remote Desktop Server. When the setting is disabled and I logon to a server using Remote Desktop, both my client computer and the remote server are prompting for MFA. When I played around with this setting, I can prevent my client from prompting for MFA, and only have the server prompt for MFA. Whether I'm logging on via the VMware console or RD, the server still shows the MFA prompt. Based on my extremely limited knowledge and testing, I don't think that setting will do what you're wanting.
I'm trying to find the answer to this same question!
+ the second version of the same question:
I want everyone who connects to my PC (Windows 10) via RDP to use domain authorization (without RSA), but if I go to the same PC live (locally) only RSA authorization is used.
The VMWare console is literally you sitting in front of the computer and it receives inputs from mouse and keyboard.
The OS has no idea you're connecting to it via VMWare and so you can't apply any policies like you can with RDP connections, etc.
If you did want to exclude RSA when you use the VMWare console it would have to be settings windows console/local logons,. Then you might bypass it by RDP with /console, tbh I haven't use the RSA stuff enough to know what else would be affected.