SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.

Should I be looking for an updated RSA Auth Agent?

I am setting up new production machines with our RSA Auth Agent package. I have noticed the HKLM\SOFTWARE\Policies keys are not being created during installation. This results in successful Authentication tests from the RSA control center. However, when you try to Authenticate during login it will always fail.


I was able to re-mediate by comparing the Registries of authenticating and non-authenticating machines with RSA. I'm now importing the missing keys to the new machines. I have a feeling this was cause by permission changes in a Windows update. Is there an updated RSA Authentication Agent I should be using instead of manipulating the Registry?

Labels (1)
3 Replies
Employee (Retired) Employee (Retired)
Employee (Retired)

Scott Williamson‌,


How many agent machines do you have that need an update?  Depending on how many you can decide if it is better to manually update your existing agents or upgrade to RSA Authentication Agent 7.4.2 for Microsoft Windows  You can download the agent by clicking the link.




Currently I'm setting up 7 machines for production deployment. They are Dell Latitude laptops running Win 10 version 1903 (OS Build 18362.239) I downloaded and installed RSA Auth Agent 7.4.2 and had the same issue. I'm running the installation as admin but something is stopping these keys from being written during the installation. 


[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\RSA\RSA Desktop\Local Authentication Settings]


This can be normal depending on the specific situation.

If you have all the agent GPO set as 'not configured', there will be nothing in the registry for policy.


Example: agent installed, 'not configured' on all GPO



Registry for policies, nothing for RSA



Now, as soon as I enable one GPO (Challenge Users, but challenge is still OFF)




the registry will start to populate with the minimum settings (and more as you enable more GPO)




If I go back and select 'not configured' for the Challenge Users GPO again, those policy registry entries will be deleted.


**Of course of you have a Domain Controller pushing down RSA agent GPO, those can/will override local GPO settings.