Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
891
Views
0
Helpful
5
Replies

Server 2019 OnPremises Domain

JoeD1
Level 1
Level 1

‎06-28-2022 08:20 AM

we are running on single onpremises Server 2019 domain. We currently only have AD DS role installed and not the AD FS role installed. Will we need to install the AD FS role to get Duo to work with our server? If so, is there any special configuring that needs to be done in this AD FS role? Will it affect the way everyone logins in? We are trying to only test Duo on a few users in our Domain.

Thanks in advance.

Labels:
0 Helpful
5 Replies 5

DuoPablo
Cisco Employee
Cisco Employee

‎06-28-2022 08:32 AM

Hi @JoeD ,

Which integration type are you looking to configure for Duo? If you are looking to protect AD FS app/logins, then you will need the AD FS role as well as the Duo AD FS package installed. Please see Microsoft AD FS for Windows 2012 R2 and later | Duo Security.

If you are looking to protect the server itself (via local login or RDP) with Duo, you only will need the Duo for Winlogon installer. Please see Duo Authentication for Windows Logon & RDP | Duo Security

Testing a group of users will differ based on the integration type needed for your use case.

Hope this helps!

0 Helpful

JoeD1
Level 1
Level 1
In response to DuoPablo

‎06-28-2022 08:34 AM

I am looking to protect a few users local Windows Logins on the domain computers and our Domain Admin account logging into the server.

0 Helpful

DuoPablo
Cisco Employee
Cisco Employee
In response to JoeD1

‎06-28-2022 08:50 AM

Thanks for the information. You would need to install the Duo for Winlogon client on each workstation and server that you wish to protect. It can be deployed via GPO, too: Duo Authentication for Windows Logon & RDP | Duo Security

In addition to the main doc I sent over previously, please see the Deployment Tip for scoping this to a group of test users.

0 Helpful

JoeD1
Level 1
Level 1
In response to DuoPablo

‎06-28-2022 11:15 AM

so because there is no direct connect to the domain controller, we would really need to install the Duo Winlogon client on every device in our network then to be protected by MFA?

0 Helpful

DuoPablo
Cisco Employee
Cisco Employee
In response to JoeD1

‎07-08-2022 10:14 AM

Installing the Duo for Winlogon client on a domain controller does not inherently protect or prompt users when logging into domain joined workstations/servers. Each Windows endpoint will require the Duo for Winlogon client to be installed since this is how Duo works as a Windows Credential Provider. This would be true for non-domain joined Windows systems as well.

For more information, please see our FAQ: Duo Authentication Windows Logon RDP: FAQ | Duo Security

0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents