07-02-2019 06:52 AM
I have DUO set up and working on my laptop for local and RDP logins, but admin users are able to connect to my machine using //IP/C$ and are not prompted for 2FA.
Does DUO have a way to enforce at a lower level on my computer?
We are current users of Authlite and really enjoy that since they install right on the DC they can enforce 2FA for pretty much all AD requests.
07-08-2019 05:36 AM
Duo Authentication for Windows Logon does not apply 2FA to UNC share access at this time. Learn more about what types of logins Duo for Windows protects here: What logon interfaces can Duo protect?
07-16-2019 07:32 AM
You might want to consider implementing a Secret server/password management solution instead. For example, you can enroll all of your domain admin accounts into the secret server, have those passwords rotate on a daily basis, and users can access those accounts/secrets by logging into the password management portal (which you can force Duo/MFA on that login).
This prevents access to the //machine/C$ unless someone logs in to the secret server with a domain user account/MFA first.