Jump to content

ESA questions for Windows Servers/admins

Recommended Posts

Ok, we are looking at ESA and other products as we need something that will force our domain admins to use 2 factor auth when logging into our servers or any machine as a domain admin.  The sales guy seemed to imply this would do such a thing.

I've been reading the installation manual and it's not completely clear on some things.  

First, can I mark just the admins to have to use ESA.

Second, do I have to install this software on every single PC and server in the domain?  It sounds as if we would have to if we want admins to use 2factor whenever they login with admin accounts.  Or is this only necessary if you want to ALSO protect and force 2factor when the domain admin uses remote desktop? So if I don't install it on every user it would force 2factor on all computers when the admin logs into them locally?  Or I still have to install on every PC?  

Third, if I have to install this on every computer, is there an MSI to push with just the pieces we would need to deploy?




Link to comment
Share on other sites

  • ESET Staff


  1. you can activate ESA (second factor) for any specific user in Active Directory

  2. You can protect the endpoint (server/PC) in two ways: By protecting the local login with a second factor or by protecting RDP connection with a second factor (if the user who is logging is enabled for 2FA). In both scenarios, ESA plugin for RDP/local login (just the plugin, no need to install auth server and management tools – on every machine) must be installed on each machine you want to protect (and activate 2FA for users accessing the machine). Regarding the Authentication server and management tools, its ok to have it installed only on one server in the domain.

  3. Yes 



Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...