Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3404
Views
0
Helpful
3
Replies

2FA for UAC/Elevation?

bnance1
Level 1
Level 1

‎12-29-2017 05:53 PM

Is there a way to intercept the user access control to force 2FA before you elevate your account to admin? (Not at login, but at the elevation prompt)
(Microsoft Windows in particular, but macOS and Linux/UNIX sudo, too)

Labels:
0 Helpful
3 Replies 3

DuoKristina
Cisco Employee
Cisco Employee

‎01-02-2018 07:13 AM

This article covers the types of logons Duo for Windows Logon protects: https://help.duo.com/s/article/1079. Currently there is no way to invoke Duo for a “run-as” authentication.

Duo Unix can get called for a sudo login.

Duo, not DUO.
0 Helpful

bnance1
Level 1
Level 1
In response to DuoKristina

‎01-02-2018 07:54 AM

Thank you, Kristina! Is there anything on the roadmap to develop a way to interrupt the runas/UAC process? The NIST Special Publication 800-171 requires MFA for escalation. We are using the lack of options to justify MFA on the original login combined with authentication logging (that records the elevation attempt), but a real answer would be to force MFA when moving through the elevation process.

-Bob

1X_587526f94f2f65349752b00bd5c35440ca79de43.png

0 Helpful

DuoKristina
Cisco Employee
Cisco Employee
In response to bnance1

‎01-02-2018 08:13 AM

Please contact your account exec, customer success manager, or Duo support to submit a feature request (or ask to be notified for future status of the feature request).

Duo, not DUO.
0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents