Two factor authentication for RDS 2012


I have been asked a few questions recently around RDS 2012 Web services and two factor authentication.

The good news is that there are products out there which will allow you to add two-factor or One Time Password (OTP) solutions to your RDS environments. So, for all those high-security organisations: yes, you can secure and tie down access to RDS using two-factor or OTP.

Have a look at the following links:

Duo Security: https://www.duosecurity.com/microsoft

Scorpion software: http://www.scorpionsoft.com/docs/authanvil/rdwebaccess

Rohos: http://www.rohos.com/support/knowledge-base/access-your-remote-desktop-in-a-secure-way-by-usb-stick-2/

 

13 thoughts on “Two factor authentication for RDS 2012”

  1. You can use built in IPsec for 2 factor certificate authentication over required ports of farm hosts, or simply the gateway/webhost.

  2. Apologies for the double post above.
    Are you running this, Ryan?
    As I have RD Gateway and Web on one server I’m only going to be able to install one component, probably Duo-RDGateway.
    It’s a shame I can’t put both Duo products on the one server.

  3. Last question!
    What workaround did you use?
    On setup I get the message ‘This application is not supported on Windows Server 2012 or later’
    Thanks

  4. Ryan,

    Did you have any issues with your TS Resource Authorization Policies getting removed when you ran the Duo Security setup? The gateway will allow connection to any server from any user. The user still needs the permission to log onto the server, but there is no control over who has access to what.

    Thanks for your time, Rene

  5. I’m simply using Entrust client certificates as a form of 2-factor authentication. User goes to the rdweb login page, IIS asks for a client cert, user unlocks the Entrust client cert with a password and selects it, IIS does a CRL check on the client cert and, if OK, presents the login page.

    Is this not a form of 2-factor authentication?

    1. But then you only have Two-Factor Authorization for the IIS login page. If you save the .RDP file you can connect to the RD Gateway without logging into the Web Page.
