08-26-2020 03:25 AM
Sorry new to this community.
Would like to know if Duo on Windows can be set to only protecting UAC/run as administrator function?
We would like to run Duo on user computers, but we don’t need normal user login with 2FA. We just want to ensure when administrative credential is entered, this action is protected by 2FA and being logged. We would like to do this to ensure the action is done by legitimate admin person instead of stealing password of the user.
Of course the same principle may also apply to RDP with administrative accounts, but that’s another topic after we tackled the local login challenge.
08-26-2020 10:52 AM
Hi there!
Yes, Duo for Windows Logon and RDP can be configured to only prompt for 2FA at UAC/run as admin prompts. To configure our Windows Logon integration to behave this way, you can either configure it to only protect UAC logons during installation (check step 6 of “Run the Installer” here: Duo Authentication for Windows Logon and RDP | Duo Security) or by editing the registry post-installation: https://help.duo.com/s/article/5807
Note that while there are a number of UAC elevation options, this feature only supports UAC prompts that ask for username and password.
Hope this helps!
07-06-2021 10:54 AM
What is the behavior when you are logged in with a local (non-domain or 2FA enabled) account?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide