Jump to content


This topic is now archived and is closed to further replies.


ESA questions for Windows Servers/admins

Recommended Posts

Ok, we are looking at ESA and other products as we need something that will force our domain admins to use 2 factor auth when logging into our servers or any machine as a domain admin.  The sales guy seemed to imply this would do such a thing.

I've been reading the installation manual and it's not completely clear on some things.  

First, can I mark just the admins to have to use ESA.

Second, do I have to install this software on every single PC and server in the domain?  It sounds as if we would have to if we want admins to use 2factor whenever they login with admin accounts.  Or is this only necessary if you want to ALSO protect and force 2factor when the domain admin uses remote desktop? So if I don't install it on every user it would force 2factor on all computers when the admin logs into them locally?  Or I still have to install on every PC?  

Third, if I have to install this on every computer, is there an MSI to push with just the pieces we would need to deploy?




Share this post

Link to post
Share on other sites


  1. you can activate ESA (second factor) for any specific user in Active Directory

  2. You can protect the endpoint (server/PC) in two ways: By protecting the local login with a second factor or by protecting RDP connection with a second factor (if the user who is logging is enabled for 2FA). In both scenarios, ESA plugin for RDP/local login (just the plugin, no need to install auth server and management tools – on every machine) must be installed on each machine you want to protect (and activate 2FA for users accessing the machine). Regarding the Authentication server and management tools, its ok to have it installed only on one server in the domain.

  3. Yes 



Share this post

Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Create New...