Announcing the release of Duo Authentication for Windows Logon and RDP 4.1 with protection for User Elevation

Hello! We are happy to announce that Duo Authentication for Windows Logon and RDP 4.1 featuring User Elevation has been released.

Here are the details:

Duo Authentication for Windows Logon and RDP can now protect users during credentialed Windows User Account Control elevations (e.g. right-click + “Run as administrator”).

When installing Duo Authentication for Windows Logon, administrators can choose to enable User Elevation by selecting the “Enable UAC Elevation Protection” checkbox.

Configuration options are also provided to control Offline Access for UAC Elevation.

If you need to change any of your chosen options after installation, you can do so by updating the registry. See the Duo for Windows Logon FAQ for instructions on how to update the settings.

In addition, the GPO template has been updated to include User Elevation configuration options.

Other updates that are part of the Winlogon 4.1 release:

  • The installer for this configuration is now signed using SHA-256.
  • Additional bug fixes and security enhancements, including the addition of a warning to administrators if local administrative accounts lack a password.
1 Like

Please be aware that we have identified an issue affecting Duo Authentication for Windows Logon and RDP version 4.1 on Active Directory domain controllers that may trigger user lockouts.

We recommend that you do not install version 4.1 on your domain controllers and install version 4.0.7 instead. Please refer to our documentation for details.

Hello everyone, we have released Duo Authentication for Windows Logon and RDP version 4.1.1, which addresses the issue that Kelly described above. You can download the new version from the link provided in step 5 of the “First Steps” section in the documentation.