Security Question: Remote Access to Registry

Hi! I have a security question I was hoping to get assistance with.

  • We wish to protect all RDP connections on all internal servers by enforcing Duo MFA.
  • There is a subset of servers that require remote access to the registry to be granted to Administrators.

If one of these Administrator accounts were compromised, would it be possible for the bad actor to connect remotely to the registry on this subset of servers and use this capability to disable MFA for RDP connections?

I believe the answer to this is “yes” - but looking for definitive guidance here.

Thanks for any insight!

Hi @JC0612,

Duo has created a comprehensive guide regarding Winlogon/RDP integration security that addresses your inquiry:

Hope this helps!