Set up RSA Windows Authenticator v7.4 with RSA security console and Windows authenticates fine. Originally had it set up to authenticate everyone except administrators and this worked also. Installed the GPO on the DC via the manual instructions and set it to authenticate users in group rsa_users. Logging into the test workstation and running Control Center, Challenge Users now shows the challenge as users in group and shows the group rsa_users. However, every user gets challenged when logging into the workstation. (It should probably be noted that this is a test Win10 workstation on a hypervisor so we are logging in via RDP.)
Any ideas ?