Asked by jd1114

What is the easiest way to secure local Windows administrator accounts with 2FA?

I need to secure local Windows administrator accounts with 2FA. I do not have Active Directory. What is the easiest way to do this?

Tags: Windows OS, multi-factor authentication, Security

Last comment: 8/22/2022 - Mon, Jackie Man


Secure from whom?

It is not an AD environment; what is the environment? Peer to peer, where you have multiple systems and where you manually have to synchronize and maintain systems?

Much depends on your need; look at a Samba4 AD/DC setup example.

Look at Cisco's Duo.

See here: https://help.eset.com/esa/30/en-US/installation_of_authentication_server.html
While highly uncommon, they did foresee users NOT in a domain would be able to use it (use standalone mode).
Obviously requires licenses per user per year (and I think 5 is a minimum).
There's no easier way to get a PUSH to mobile phone MFA solution.
Dr. Klahn

I need to secure local Windows administrator accounts

If you can't trust your own on-site people at the administrator level to use proper passwords, change them at least monthly, and keep them secret -- then requiring two-factor authentication isn't going to help.

Look at https://www.rohos.com/products/rohos-logon-free/
They offer a free version to test. Only the payware adds 2FA however.

It sounded like the question wasn't about trusting other admins, but somehow more about lost (stolen) or brute-forced credentials (in which case MFA would help).
But I could be wrong. Only asker can elaborate on it.

Thank you for your feedback. To answer Kimputer, the main goal here is compliance.
Jackie Man

Compliance to which standards / requirements?

It would be interesting to learn what convinced you that Yubikey is the easiest way here. May I ask you to share your reasons?