This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
ScottWilliamson
Beginner
Beginner
‎2019-09-04 03:22 PM

Should I be looking for an updated RSA Auth Agent?

I am setting up new production machines with our RSA Auth Agent 7.4.0.40 package. I have noticed the HKLM\SOFTWARE\Policies keys are not being created during installation. This results in successful Authentication tests from the RSA control center. However, when you try to Authenticate during login it will always fail.

 

I was able to re-mediate by comparing the Registries of authenticating and non-authenticating machines with RSA. I'm now importing the missing keys to the new machines. I have a feeling this was cause by permission changes in a Windows update. Is there an updated RSA Authentication Agent I should be using instead of manipulating the Registry?

Labels (1)
Labels
0 Likes
Reply
3 Replies
_EricaChalfin
Employee (Retired) Employee (Retired)
Employee (Retired)
‎2019-09-04 03:33 PM

Scott Williamson‌,

 

How many agent machines do you have that need an update?  Depending on how many you can decide if it is better to manually update your existing agents or upgrade to RSA Authentication Agent 7.4.2 for Microsoft Windows  You can download the agent by clicking the link.

 

Regards,

Erica

Reply
ScottWilliamson
Beginner
Beginner
In response to _EricaChalfin
‎2019-09-04 04:36 PM

Currently I'm setting up 7 machines for production deployment. They are Dell Latitude laptops running Win 10 version 1903 (OS Build 18362.239) I downloaded and installed RSA Auth Agent 7.4.2 and had the same issue. I'm running the installation as admin but something is stopping these keys from being written during the installation. 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\RSA\RSA Desktop\Local Authentication Settings]
"RDCFileName"="C:\\Windows\\System32\\CredentialUIBroker.exe"
"UseDefaultSystemCredProviderImage"=dword:00000001
"EnableChallenge"=dword:00000001
"ChallengeMode"=dword:00000002
"ChallengeGroup"=""
"SendDomainName"=dword:00000000

0 Likes
Reply
EdwardDavis
Employee
Employee
In response to ScottWilliamson
‎2019-09-05 11:27 AM

This can be normal depending on the specific situation.

If you have all the agent GPO set as 'not configured', there will be nothing in the registry for policy.

 

Example: agent 7.4.2.133 installed, 'not configured' on all GPO

pastedImage_1.png

 

Registry for policies, nothing for RSA

pastedImage_2.png

 

Now, as soon as I enable one GPO (Challenge Users, but challenge is still OFF)

 

pastedImage_3.png

 

the registry will start to populate with the minimum settings (and more as you enable more GPO)

 

pastedImage_4.png

 

If I go back and select 'not configured' for the Challenge Users GPO again, those policy registry entries will be deleted.

 

**Of course of you have a Domain Controller pushing down RSA agent GPO, those can/will override local GPO settings.

Reply
© 2023 RSA Security LLC or its affiliates. All rights reserved.