Solved

Multi Factor Authentication for Terminal Server

Posted on 2016-10-05
Last Modified: 2016-10-26
Who has successfully implemented multifactor authentication on their terminal servers?

What solution do you use? What do you like about it? hate about it? cost?


Has anyone found a way to use client certificates as two factor authentication?
In an ideal world I would love to build a certificate authority and just issue a self signed cert to my company owned machines. If you don't have the cert, you can't login!  I just wish it was that easy...
Question by:PerimeterIT
6 Comments
 

Assisted Solution

by:Coralon
Coralon earned 250 total points (awarded by participants)
ID: 41832513
I've done 2-factor with Citrix (a while back). We used RSA and it gets implemented at the Web Interface server.  It worked great; the only significant issue was the cost, but going with soft tokens cut the cost in half (~$30/token).

Management was pretty good, although as the hardware tokens began to expire it was some effort to get new ones rolled out to replace the expiring ones.  RSA did have the web facilities to make it easier to roll, but non-IT people had some trouble following directions (reading them back to the user made them 'magically' understand it).  This was a while back, and I know a lot of their stuff has changed since then.

I have not done the client certificates, but I have seen other Citrix implementations where it has been done.  It works pretty well, but the clients have to be managed very carefully to not break the Citrix/card software link.  It's supposed to be very easy to fix.. but can be fairly easily broken.

Coralon

Expert Comment

by:kevinhsieh
ID: 41832573
I use Microsoft Azure Multifactor Authentication (phonefactor). Used it before Microsoft bought it several years ago. It ties into the Remote Desktop Gateway as a RADIUS proxy. We pay per use, not per user, so we don't have to worry which fraction of our users actually use it. The hardest part is figuring out how to buy and consume Azure services. We don't need to provision any tokens (hard or soft), so it's really easy for our users.

Expert Comment

by:Amit
ID: 41832587
RSA is the answer for your query.

Author Comment

by:PerimeterIT
ID: 41832739
Amit, can you be more specific? Link?

Accepted Solution

by:
Amit earned 250 total points (awarded by participants)
ID: 41833583
There is the product from EMC.
https://www.rsa.com/en-us
https://www.rsa.com/en-us/products-services/identity-access-management/securid/authentication-agents/authentication-agent-for-microsoft-windows

Which is normally used for 2 factor authentication. I am using it currently; however, I have not deployed it. Check with the vendor for more detail.

Expert Comment

by:Amit
ID: 41859960
Best answer given.