Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2289
Views
0
Helpful
2
Replies

2fa for windows admin share

helloworld12
Level 1
Level 1

‎07-02-2019 06:52 AM

I have DUO setup and working on my laptop for local and RDP logins but admin users are able to connect to my machine using //IP/C$ and are not prompted for 2fa.

Does DUO have a way to enforce at a lower level on my computer?

We are current users of Authlite and really enjoy that since they install right on the DC they can enforce 2FA for pretty much all AD requests.

Labels:
0 Helpful
2 Replies 2

DuoKristina
Cisco Employee
Cisco Employee

‎07-08-2019 05:36 AM

Dup Authentication for Windows Logon does not apply 2FA to UNC share access at this time. Learn more about what types of logins Duo for Windows protects here: What logon interfaces can Duo protect?

Duo, not DUO.
0 Helpful

BusterDoney
Level 1
Level 1

‎07-16-2019 07:32 AM

You might want to consider implementing a Secret server/password management solution instead. For example, you can enroll all of your domain admin accounts into the secret server, have those passwords rotate on a daily basis, and users can access those accounts/secrets by logging into the password management portal (which you can force Duo/MFA on that login).

This prevents access to the //machine/C$ unless someone logins in to the secret server with a domain user account/MFA first.

0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents