Solved

Multi Factor Authentication for Terminal Server

Posted on 2016-10-05
Last Modified: 2016-10-26
Who has successfully implemented multifactor authentication on their terminal servers?

What solution do you use? What do you like about it? Hate about it? Cost?


Has anyone found a way to use client certificates as two-factor authentication?
In an ideal world I would love to build a certificate authority and just issue a self-signed cert to my company-owned machines. If you don't have the cert, you can't log in! I just wish it was that easy...
Question by:PerimeterIT
6 Comments
 
LVL 25

Assisted Solution

by:Coralon
Coralon earned 1000 total points (awarded by participants)
ID: 41832513
I've done 2-factor with Citrix (a while back). We used RSA and it gets implemented at the Web Interface server. It worked great; the only significant issue was the cost, but going with soft tokens cut the cost in half (~$30/token).

Management was pretty good, although as the hardware tokens began to expire it was some effort to get new ones rolled out to replace the expiring ones. RSA did have the web facilities to make it easier to roll, but non-IT people had some trouble following directions (reading them back to the user made them 'magically' understand it). This was a while back, and I know a lot of their stuff has changed since then.

I have not done the client certificates, but I have seen other Citrix implementations where it has been done. It works pretty well, but the clients have to be managed very carefully to not break the Citrix/card software link. It's supposed to be very easy to fix, but can be fairly easily broken.

Coralon
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 41832573
I use Microsoft Azure Multifactor Authentication (PhoneFactor). Used it before Microsoft bought it several years ago. It ties into the Remote Desktop Gateway as a RADIUS proxy. We pay per use, not per user, so we don't have to worry which fraction of our users actually use it. The hardest part is figuring out how to buy and consume Azure services. We don't need to provision any tokens (hard or soft), so it's really easy for our users.
0
 
LVL 44

Expert Comment

by:Amit
ID: 41832587
RSA is the answer for your query.
0
 
LVL 1

Author Comment

by:PerimeterIT
ID: 41832739
Amit, can you be more specific? Link?
0
 
LVL 44

Accepted Solution

by:
Amit earned 1000 total points (awarded by participants)
ID: 41833583
There is the product from EMC.
https://www.rsa.com/en-us
https://www.rsa.com/en-us/products-services/identity-access-management/securid/authentication-agents/authentication-agent-for-microsoft-windows

Which is normally used for 2-factor authentication. I am using it currently; however, I have not deployed it. Check with the vendor for more detail.
0
 
LVL 44

Expert Comment

by:Amit
ID: 41859960
Best answer given.
0
