This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
GlennMurphy
New Contributor
New Contributor
‎2016-11-18 01:49 PM

Windows 7 VM not using Dual factor

Jump to solution

I installed RSA Agent 7.2.1.93 on a windows 7 x64 VM 

Users are not being prompted for passcode VIA RDP even though I set the agent to Challange all.

When logging in at the console two icons appear, RSA and OTHER,  RSA work as is should, OTHER only asks for Windows Creds and bypasses Dual Factor.

 

Thank you for your help

Labels (1)
Labels
0 Likes
Reply
1 Solution

Accepted Solutions
JayGuillette
Apprised Contributor Apprised Contributor
Apprised Contributor
‎2016-11-18 02:14 PM

Jump to solution

Glenn,

You want to disable the 'Other' Credential Provider, which is the Windows Password Credential Provider, and leave only the RSA Credential Provider so users have to login with a Passcode and cannot sneak in with just a Password.

Disabling a Credential Provider so it does not show is done in the Registry or through a GPO.

If you search at the top of Link, for "Disable Credential Provider" the top hit is an old KB from Ramana here in Support.  It is actually how to disable the Smart Card Credential Provider, but you can look at the registry and figure out how to substitute Windows Password for Smart Card Credential Provider.  It's either disabled or exclude, here's what Ramana wrote:

 

HKEY_LOCAL_MACHINE\SOFTWARE \Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{8fd7e19c-3bf7-489b-a72c-846ab3678c96}
    2. Verify that the default value is @="Smartcard Credential Provider"
    3. Add the following DWORD value: "Disabled"=dword:00000001

 

Credential Providers are kind of the 64-bit equivalent to a Gina in the old 32-bit Windows world

View solution in original post

Reply
1 Reply
JayGuillette
Apprised Contributor Apprised Contributor
Apprised Contributor
‎2016-11-18 02:14 PM

Jump to solution

Glenn,

You want to disable the 'Other' Credential Provider, which is the Windows Password Credential Provider, and leave only the RSA Credential Provider so users have to login with a Passcode and cannot sneak in with just a Password.

Disabling a Credential Provider so it does not show is done in the Registry or through a GPO.

If you search at the top of Link, for "Disable Credential Provider" the top hit is an old KB from Ramana here in Support.  It is actually how to disable the Smart Card Credential Provider, but you can look at the registry and figure out how to substitute Windows Password for Smart Card Credential Provider.  It's either disabled or exclude, here's what Ramana wrote:

 

HKEY_LOCAL_MACHINE\SOFTWARE \Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{8fd7e19c-3bf7-489b-a72c-846ab3678c96}
    2. Verify that the default value is @="Smartcard Credential Provider"
    3. Add the following DWORD value: "Disabled"=dword:00000001

 

Credential Providers are kind of the 64-bit equivalent to a Gina in the old 32-bit Windows world

Reply
© 2023 RSA Security LLC or its affiliates. All rights reserved.