March 28, 2024
100320 0333 HowtoConfig8 - How to Configure Two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free
Duo integrates with Microsoft Windows client and server operating systems to add two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts. Duo Authentication for Windows Logon add Duo two-factor authentication to Windows desktop and server logins, both at the local console and incoming Remote Desktop (RDP) connections. Today, I am going to how to step by step configure them.

Duo integrates with Microsoft Windows client and server operating systems to add two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts. Duo Authentication for Windows Logon add Duo two-factor authentication to Windows desktop and server logins, both at the local console and incoming Remote Desktop (RDP) connections.

Today, I am going to how to step by step configure them.

Sig up Duo free account

1.Sign up a DUO trial account, it will support 10 users account with unlimited servers for free. Enter your information and click Start My Trial.

100320 0333 HowtoConfig1 - How to Configure Two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free

2.Duo will send a verification link to the email address for registration.

100320 0333 HowtoConfig2 - How to Configure Two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free

3.Login to the email account, open the welcome to Duo email, click Verify Your Email.

100320 0333 HowtoConfig3 - How to Configure Two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free

4.On the Step 1, enter the password and then click Continue.

100320 0333 HowtoConfig4 - How to Configure Two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free

5.On the Step 2, follow the introductions to install Duo Mobile on your phone and Add account via scan barcode.

100320 0333 HowtoConfig5 - How to Configure Two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free

6.You will see a green check mark on the barcode after you add account succeeded, click Continue.

100320 0333 HowtoConfig6 - How to Configure Two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free

7.On the Step 3, enter the Phone number, click Finish.

100320 0333 HowtoConfig7 - How to Configure Two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free

8.On the Setup Complete page, click Duo Push to Confirm Your Identity.

100320 0333 HowtoConfig8 - How to Configure Two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free

9.On the Setup Complete page, you will see sending on the Duo Push.

100320 0333 HowtoConfig9 - How to Configure Two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free

10.the sending Login request will pop up at the Duo Mobile app of your phone, click Approve.

100320 0333 HowtoConfig10 - How to Configure Two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free

11.Click Approve to allow you to access the Duo admin panel.

100320 0333 HowtoConfig11 - How to Configure Two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free

Edit Policy

1.On the Duo Admin Panel page, select Policies.

100320 0333 HowtoConfig12 - How to Configure Two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free

13.On the Policies page, click Edit Global Policy.

100320 0333 HowtoConfig13 - How to Configure Two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free

14.On the Edit Policy page, select New User Policy.

100320 0333 HowtoConfig14 - How to Configure Two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free

15.On the New User Policy page, select Deny access, click Save Policy.

100320 0333 HowtoConfig15 - How to Configure Two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free

Enroll a User

There are many ways to add users, I am going to add users manually. The username should match your Windows logon name. Install Duo Mobile and add your account to it so you can use Duo Push. If the user logging in to Windows after Duo is installed does not exist in Duo, the user may not be able to log in.

1.On the Duo Admin Panel, select Users.

2.On the Users page, Click Add User.

100320 0333 HowtoConfig16 - How to Configure Two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free

3.Type in the username. A Duo username should match the user’s primary authentication username. Duo usernames are not case-sensitive and are normalized to lowercase, click Add User.

Please don’t put the domain name in front of username. E.g. if the domain user account is carysun.com\csun, you need to put csun only. That means if there are the same username at multiple domains, you can use the same username for multiple domains login with 2FA authentication.

100320 0333 HowtoConfig17 - How to Configure Two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free

4.On the User page (in my case is csun), enter settings values, click Save Changes.

  • Username: you can add username aliases by click Add username alias, if you have a different username at multiple domains, you can add them here but there are up to 4 aliases.

100320 0333 HowtoConfig18 - How to Configure Two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free

  • Full name: Type in full name of the user
  • Email: Type in email of the user.

100320 0333 HowtoConfig19 - How to Configure Two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free

5.Once the user is created you can click the Send Enrollment Email link to send the new user a message that contains a link they can use to add a phone or other 2FA authentication device.

100320 0333 HowtoConfig20 - How to Configure Two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free

6.Login to the email account from phone, open the Duo Security Enrollment email, click the link to enroll a phone.

Configuring Duo Authentication for Windows Logon and RDP

1.Log in to the Duo Admin Panel and select to Applications.

100320 0333 HowtoConfig21 - How to Configure Two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free

2.On the Applications page, click Protect an Application.

100320 0333 HowtoConfig22 - How to Configure Two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free

3.On the Protect an Application page, locate the entry for Microsoft RDP in the applications list, click Protect.

100320 0333 HowtoConfig23 - How to Configure Two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free

4.On the Microsoft RDP page, click Click to view at Secret key.

100320 0333 HowtoConfig24 - How to Configure Two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free

5.To get the integration key, secret key, and API hostname. You’ll need this information to complete your setup at Servers.

100320 0333 HowtoConfig25 - How to Configure Two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free

6.Login to Windows Servers.

7.Download the Duo Authentication for Windows Logon installer package

8.Run the Duo Authentication for Windows Logon installer with administrative privileges.

100320 0333 HowtoConfig26 - How to Configure Two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free

9.On the Welcome page, click Next.

100320 0333 HowtoConfig27 - How to Configure Two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free

10.On the Duo Connectivity page, enter the API Hostname from the Duo Admin Panel and click Next.

100320 0333 HowtoConfig28 - How to Configure Two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free

If the connectivity check fails, ensure that your Windows system can communicate with your Duo API hostname over HTTPS (port 443).

If you need to use an outbound HTTP proxy in order to contact Duo Security’s service, enable the Configure manual proxy for Duo traffic option and specify the proxy server’s hostname or IP address and port here.

11.Enter the integration key and secret key from the Duo Admin Panel and click Next.

100320 0333 HowtoConfig29 - How to Configure Two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free

12.On the integration options page, keep the default settings, click Next.

100320 0333 HowtoConfig30 - How to Configure Two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free

13.On the Configure the behavior for the Smart Card provider page, keep the default settings if you don’t plan to use smart cards on the system.

100320 0333 HowtoConfig31 - How to Configure Two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free

14.On the Configure User Elevation Protection page, keep the default settings if you don’t need to enable UAC elevation protection.

100320 0333 HowtoConfig32 - How to Configure Two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free

15.On the Ready to begin the installation page, click Install.

100320 0333 HowtoConfig33 - How to Configure Two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free

Hope you enjoy this post.

Cary Sun

Twitter: @SifuSun

Web Site: carysun.com

Blog Site: checkyourlogs.net

Blog Site: gooddealmart.com

ca16fbd3199de5f66b829b87082fb970?s=80&d=retro&r=g - How to Configure Two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free

Author: Cary Sun

Cary Sun has a wealth of knowledge and expertise in data center and deployment solutions. As a Principal Consultant, he likely works closely with clients to help them design, implement, and manage their data center infrastructure and deployment strategies.
With his background in data center solutions, Cary Sun may have experience in server and storage virtualization, network design and optimization, backup and disaster recovery planning, and security and compliance management. He holds CISCO CERTIFIED INTERNETWORK EXPERT (CCIE No.4531) from 1999. Cary is also a Microsoft Most Valuable Professional (MVP), Microsoft Azure MVP, Veeam Vanguard and Cisco Champion. He is a published author with several titles, including blogs on Checkyourlogs.net, and the author of many books.
Cary is a very active blogger at checkyourlogs.net and is permanently available online for questions from the community. His passion for technology is contagious, improving everyone around him at what they do.

Blog site: https://www.checkyourlogs.net
Web site: https://carysun.com
Blog site: https://gooddealmart.com
Twitter: @SifuSun
in: https://www.linkedin.com/in/sifusun/
Amazon Author: https://Amazon.com/author/carysun