RSA Product Set: SecurID
RSA Product/Service Type: Authentication Agent
RSA Version/Condition: 7.2.1, 7.3.1
O/S Version: Windows 2012
The RSA SecurID prompt does not appear when connecting with RDP on Windows 2012, or users can bypass RSA SecurID Credential Provider because the Microsoft Password Credential Provider is available and not hidden:
The customer has disabled Microsoft Password Credential Provider, which disables the excluding of Microsoft Credential Provider. This allows the RDP client to bypass the SecurID authentication and explains why the user does not get an RSA SecurID prompt even though the challenge was enabled.
- From Run or the Windows icon in the taskbar, click Start > Windows PowerShell > gpedit to launch local group policy editor.
Alternatively, search for Group Policy Editor in Windows
- On the left panel, navigate to Administrative Templates > Classic Administrative Templates > RSA Desktop > Credential Provider Filter Settings.
- Set the Microsoft Password Credential Provider to Not configured.
- Connect with an RDP client as an RSA SecurID challenged user. The user will be able to see the RSA SecurID prompt and successfully authenticate. Only the RSA Credential Providers will show now.