Users on Laptops are given Windows and RSA logon options
I have an issue regarding user accounts and Windows Password vs. RSA token authentication.
All of my laptop users are given two options at the Windows logon screen. Both of these options list the users domainname\username in the account tile.
Tile Option 1: User is prompted for their Windows PASSWORD. If they enter their Windows password, they are able to logon. It specifically says password in the input box.
Tile Option 2: User is prompted for their PASSCODE. If they enter their RSA passcode, they are able to log on. It specifically says PASSCODE in the input box.
Users should only be promoted for their PASSCODE. I do not have this issue with users working from Desktop machines. The same GPOs are applied to the desktop users and the laptop users, but the laptop users have this extra logon option.
Any thoughts would be appreciated.
- Auth Agent
- Authentication Agent
- Community Thread
- Forum Thread
- RSA SecurID
- RSA SecurID Access
Are these desktop and laptop users accessing the same authentication agent? If different, please compare the policies you have in place to see if they are the same.
The Desktop and Laptop users both use the same agent and receive the same GPO in Active Directory.
We are speculating that this may be due to a hibernation file on the machine. That when these laptops boot, a user profile is supplied that normally shouldn't be there.
We are performing some testing now.