How to Configure two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free #Cisco #DUO # Remote Desktop Services #Microsoft #2FA #UAC #Free #mvphour

Duo integrates with Microsoft Windows client and server operating systems to add two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts. Duo Authentication for Windows Logon add Duo two-factor authentication to Windows desktop and server logins, both at the local console and incoming Remote Desktop (RDP) connections.

Today, I am going to how to step by step configure them.

Sig up Duo free account

1.Sign up a DUO trial account, it will support 10 users account with unlimited servers for free. Enter your information and click Start My Trial.

100320 0333 HowtoConfig1 - How to Configure two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free #Cisco #DUO # Remote Desktop Services #Microsoft #2FA #UAC #Free #mvphour

2.Duo will send a verification link to the email address for registration.

100320 0333 HowtoConfig2 - How to Configure two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free #Cisco #DUO # Remote Desktop Services #Microsoft #2FA #UAC #Free #mvphour

3.Login to the email account, open the welcome to Duo email, click Verify Your Email.

100320 0333 HowtoConfig3 - How to Configure two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free #Cisco #DUO # Remote Desktop Services #Microsoft #2FA #UAC #Free #mvphour

4.On the Step 1, enter the password and then click Continue.

100320 0333 HowtoConfig4 - How to Configure two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free #Cisco #DUO # Remote Desktop Services #Microsoft #2FA #UAC #Free #mvphour

5.On the Step 2, follow the introductions to install Duo Mobile on your phone and Add account via scan barcode.

100320 0333 HowtoConfig5 - How to Configure two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free #Cisco #DUO # Remote Desktop Services #Microsoft #2FA #UAC #Free #mvphour

6.You will see a green check mark on the barcode after you add account succeeded, click Continue.

100320 0333 HowtoConfig6 - How to Configure two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free #Cisco #DUO # Remote Desktop Services #Microsoft #2FA #UAC #Free #mvphour

7.On the Step 3, enter the Phone number, click Finish.

100320 0333 HowtoConfig7 - How to Configure two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free #Cisco #DUO # Remote Desktop Services #Microsoft #2FA #UAC #Free #mvphour

8.On the Setup Complete page, click Duo Push to Confirm Your Identity.

100320 0333 HowtoConfig8 - How to Configure two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free #Cisco #DUO # Remote Desktop Services #Microsoft #2FA #UAC #Free #mvphour

9.On the Setup Complete page, you will see sending on the Duo Push.

100320 0333 HowtoConfig9 - How to Configure two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free #Cisco #DUO # Remote Desktop Services #Microsoft #2FA #UAC #Free #mvphour

10.the sending Login request will pop up at the Duo Mobile app of your phone, click Approve.

100320 0333 HowtoConfig10 - How to Configure two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free #Cisco #DUO # Remote Desktop Services #Microsoft #2FA #UAC #Free #mvphour

11.Click Approve to allow you to access the Duo admin panel.

100320 0333 HowtoConfig11 - How to Configure two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free #Cisco #DUO # Remote Desktop Services #Microsoft #2FA #UAC #Free #mvphour

Edit Policy

1.On the Duo Admin Panel page, select Policies.

100320 0333 HowtoConfig12 - How to Configure two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free #Cisco #DUO # Remote Desktop Services #Microsoft #2FA #UAC #Free #mvphour

13.On the Policies page, click Edit Global Policy.

100320 0333 HowtoConfig13 - How to Configure two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free #Cisco #DUO # Remote Desktop Services #Microsoft #2FA #UAC #Free #mvphour

14.On the Edit Policy page, select New User Policy.

100320 0333 HowtoConfig14 - How to Configure two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free #Cisco #DUO # Remote Desktop Services #Microsoft #2FA #UAC #Free #mvphour

15.On the New User Policy page, select Deny access, click Save Policy.

100320 0333 HowtoConfig15 - How to Configure two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free #Cisco #DUO # Remote Desktop Services #Microsoft #2FA #UAC #Free #mvphour

Enroll a User

There are many ways to add users, I am going to add users manually. The username should match your Windows logon name. Install Duo Mobile and add your account to it so you can use Duo Push. If the user logging in to Windows after Duo is installed does not exist in Duo, the user may not be able to log in.

1.On the Duo Admin Panel, select Users.

2.On the Users page, Click Add User.

100320 0333 HowtoConfig16 - How to Configure two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free #Cisco #DUO # Remote Desktop Services #Microsoft #2FA #UAC #Free #mvphour

3.Type in the username. A Duo username should match the user’s primary authentication username. Duo usernames are not case-sensitive and are normalized to lowercase, click Add User.

Please don’t put the domain name in front of username. E.g. if the domain user account is carysun.com\csun, you need to put csun only. That means if there are the same username at multiple domains, you can use the same username for multiple domains login with 2FA authentication.

100320 0333 HowtoConfig17 - How to Configure two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free #Cisco #DUO # Remote Desktop Services #Microsoft #2FA #UAC #Free #mvphour

4.On the User page (in my case is csun), enter settings values, click Save Changes.

  • Username: you can add username aliases by click Add username alias, if you have a different username at multiple domains, you can add them here but there are up to 4 aliases.

100320 0333 HowtoConfig18 - How to Configure two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free #Cisco #DUO # Remote Desktop Services #Microsoft #2FA #UAC #Free #mvphour

  • Full name: Type in full name of the user
  • Email: Type in email of the user.

100320 0333 HowtoConfig19 - How to Configure two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free #Cisco #DUO # Remote Desktop Services #Microsoft #2FA #UAC #Free #mvphour

5.Once the user is created you can click the Send Enrollment Email link to send the new user a message that contains a link they can use to add a phone or other 2FA authentication device.

100320 0333 HowtoConfig20 - How to Configure two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free #Cisco #DUO # Remote Desktop Services #Microsoft #2FA #UAC #Free #mvphour

6.Login to the email account from phone, open the Duo Security Enrollment email, click the link to enroll a phone.

Configuring Duo Authentication for Windows Logon and RDP

1.Log in to the Duo Admin Panel and select to Applications.

100320 0333 HowtoConfig21 - How to Configure two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free #Cisco #DUO # Remote Desktop Services #Microsoft #2FA #UAC #Free #mvphour

2.On the Applications page, click Protect an Application.

100320 0333 HowtoConfig22 - How to Configure two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free #Cisco #DUO # Remote Desktop Services #Microsoft #2FA #UAC #Free #mvphour

3.On the Protect an Application page, locate the entry for Microsoft RDP in the applications list, click Protect.

100320 0333 HowtoConfig23 - How to Configure two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free #Cisco #DUO # Remote Desktop Services #Microsoft #2FA #UAC #Free #mvphour

4.On the Microsoft RDP page, click Click to view at Secret key.

100320 0333 HowtoConfig24 - How to Configure two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free #Cisco #DUO # Remote Desktop Services #Microsoft #2FA #UAC #Free #mvphour

5.To get the integration key, secret key, and API hostname. You’ll need this information to complete your setup at Servers.

100320 0333 HowtoConfig25 - How to Configure two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free #Cisco #DUO # Remote Desktop Services #Microsoft #2FA #UAC #Free #mvphour

6.Login to Windows Servers.

7.Download the Duo Authentication for Windows Logon installer package

8.Run the Duo Authentication for Windows Logon installer with administrative privileges.

100320 0333 HowtoConfig26 - How to Configure two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free #Cisco #DUO # Remote Desktop Services #Microsoft #2FA #UAC #Free #mvphour

9.On the Welcome page, click Next.

100320 0333 HowtoConfig27 - How to Configure two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free #Cisco #DUO # Remote Desktop Services #Microsoft #2FA #UAC #Free #mvphour

10.On the Duo Connectivity page, enter the API Hostname from the Duo Admin Panel and click Next.

100320 0333 HowtoConfig28 - How to Configure two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free #Cisco #DUO # Remote Desktop Services #Microsoft #2FA #UAC #Free #mvphour

If the connectivity check fails, ensure that your Windows system can communicate with your Duo API hostname over HTTPS (port 443).

If you need to use an outbound HTTP proxy in order to contact Duo Security’s service, enable the Configure manual proxy for Duo traffic option and specify the proxy server’s hostname or IP address and port here.

11.Enter the integration key and secret key from the Duo Admin Panel and click Next.

100320 0333 HowtoConfig29 - How to Configure two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free #Cisco #DUO # Remote Desktop Services #Microsoft #2FA #UAC #Free #mvphour

12.On the integration options page, keep the default settings, click Next.

100320 0333 HowtoConfig30 - How to Configure two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free #Cisco #DUO # Remote Desktop Services #Microsoft #2FA #UAC #Free #mvphour

13.On the Configure the behavior for the Smart Card provider page, keep the default settings if you don’t plan to use smart cards on the system.

100320 0333 HowtoConfig31 - How to Configure two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free #Cisco #DUO # Remote Desktop Services #Microsoft #2FA #UAC #Free #mvphour

14.On the Configure User Elevation Protection page, keep the default settings if you don’t need to enable UAC elevation protection.

100320 0333 HowtoConfig32 - How to Configure two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free #Cisco #DUO # Remote Desktop Services #Microsoft #2FA #UAC #Free #mvphour

15.On the Ready to begin the installation page, click Install.

100320 0333 HowtoConfig33 - How to Configure two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free #Cisco #DUO # Remote Desktop Services #Microsoft #2FA #UAC #Free #mvphour

Hope you enjoy this post.

Cary Sun

Twitter: @SifuSun

Web Site: carysun.com

Blog Site: checkyourlogs.net

Blog Site: gooddealmart.com

ca16fbd3199de5f66b829b87082fb970?s=80&d=retro&r=g - How to Configure two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free #Cisco #DUO # Remote Desktop Services #Microsoft #2FA #UAC #Free #mvphour

Author: Cary Sun

Cary Sun is an Principal Consultant, He has a strong background specializing in datacenter and deployment solutions, and has spent over 20 years in the planning, design, and implementation of network technologies and Management and system integration.He hold CISCO CERTIFIED INTERNETWORK EXPERT (CCIE No.4531) from 1997.Cary is also a Microsoft Most Valuable Professional (MVP) and Cisco Champion, He is a published author with serveral titles, include blogs on Checkyourlogs.net, author for many books. Specialties: CCIE /CCNA / MCSE / MCITP / MCTS / MCSA / Solution Expert / CCA
Blog:
http://www.carysun.com http://www.checkyourlogs.net
Twitter:@SifuSun

About Cary Sun

Cary Sun is an Principal Consultant, He has a strong background specializing in datacenter and deployment solutions, and has spent over 20 years in the planning, design, and implementation of network technologies and Management and system integration.He hold CISCO CERTIFIED INTERNETWORK EXPERT (CCIE No.4531) from 1997.Cary is also a Microsoft Most Valuable Professional (MVP) and Cisco Champion, He is a published author with serveral titles, include blogs on Checkyourlogs.net, author for many books. Specialties: CCIE /CCNA / MCSE / MCITP / MCTS / MCSA / Solution Expert / CCA Blog: http://www.carysun.com http://www.checkyourlogs.net Twitter:@SifuSun

Leave a Reply