Start Free TrialLog in
Avatar of jd1114
jd1114

asked on 

What is the easiest way to secure local Windows administrator accounts with 2FA?

I need to secure local Windows administrator accounts with 2FA.  I do not have active directory.  What is the easiest way to do this?

Windows OS* multi-factor authenticationSecurity
Avatar of undefined
Last Comment
McKnife
ASKER CERTIFIED SOLUTION
Avatar of Jackie Man
Jackie Man
Flag of Hong Kong image
Blurred text
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Avatar of arnold
arnold
Flag of United States of America image
Secure from whom?

It is not an AD environment, what is the environment peer to peer where you have multiple systems and where you manually have to synchronize and maintain systems?

Much depends on your need, look at Samba4 AD/DC setup example.

Look at cisco's  DUO
Avatar of Kimputer
Kimputer
See here: https://help.eset.com/esa/30/en-US/installation_of_authentication_server.html
While highly uncommon, they did foresee users NOT in a domain would be able to use it (use standalone mode).
Obviously requires licenses per user per year (and I think 5 is a minimum).
There's no easier way, to get a PUSH to mobile phone MFA solution.
Avatar of Dr. Klahn
Dr. Klahn
I need to secure local Windows administrator accounts

If you can't trust your own on-site people at the administrator level to use proper passwords, change them at least monthly, and keep them secret -- then requiring two-factor authentication isn't going to help.
Avatar of McKnife
McKnife
Flag of Germany image
Look at https://www.rohos.com/products/rohos-logon-free/
They offer a free version to test. Only the payware adds 2FA however.
Avatar of Kimputer
Kimputer
It sounded like the question wasn't about trusting other admins, but more about somehow more about losing (stolen) or brute-forced credentials (in which case MFA would help)
But I could be wrong. Only asker can elaborate on it.
Avatar of jd1114
jd1114

ASKER

Thank you for your feedback.  To answer Kimputer, the main goal here is compliance.
Avatar of Jackie Man
Jackie Man
Flag of Hong Kong image
Compliance to which standards / requirements?
Avatar of McKnife
McKnife
Flag of Germany image
It would be interesting to learn what convinced you that Yubikey is the easiest way here. May I ask you to share your reasons?
Windows OS
Windows OS

This topic area includes legacy versions of Windows prior to Windows 2000: Windows 3/3.1, Windows 95 and Windows 98, plus any other Windows-related versions including Windows Mobile.

129K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
Ask the experts

  • "Invaluable tool for our organization"

    Josh Regalski

  • "Your help has saved me hundreds of hours of internet surfing."

    @fblack61

  • "Just a dang good service!"

    @golferski

  • "Worth every penny."

    Steve Hougom

  • "It’s been a life saver."

    Maria Halt

  • "Best support site I’ve seen!"

    Bob Schneider

  • "I would be lost without them."

    @fblack61

  • "Saved my job multiple times."

    Walt Forbes

  • "I love this site."

    Maria Duwe

  • "Friendly respectful help."

    Andrew Kowtalo

  • "Such top-notch experts."

    @magento

  • "The best money I have ever spent."

    @rwheeler23

  • "Beyond any comprehensible value"

    George Morris

  • "Invaluable tool for our organization"

    Josh Regalski

Read over 600 more reviews

TRUSTED BY

IBM logoIntel logoMicrosoft logoUbisoft logoSAP logo
Qualcomm logoCitrix Systems logoWorkday logoErnst & Young logo
High performer badgeUsers love us badge
LinkedIn logoFacebook logoX logoInstagram logoTikTok logoYouTube logo
© 1996-2023 Experts Exchange, LLC. All rights reserved. Covered by US Patent