zodiacaero 0 Posted February 15, 2017 Share Posted February 15, 2017 Ok, we are looking at ESA and other products as we need something that will force our domain admins to use 2 factor auth when logging into our servers or any machine as a domain admin. The sales guy seemed to imply this would do such a thing. I've been reading the installation manual and it's not completely clear on some things. First, can I mark just the admins to have to use ESA. Second, do I have to install this software on every single PC and server in the domain? It sounds as if we would have to if we want admins to use 2factor whenever they login with admin accounts. Or is this only necessary if you want to ALSO protect and force 2factor when the domain admin uses remote desktop? So if I don't install it on every user it would force 2factor on all computers when the admin logs into them locally? Or I still have to install on every PC? Third, if I have to install this on every computer, is there an MSI to push with just the pieces we would need to deploy? Thanks Link to comment Share on other sites More sharing options...
ESET Staff VladimirVladimir 14 Posted February 16, 2017 ESET Staff Share Posted February 16, 2017 Hi you can activate ESA (second factor) for any specific user in Active Directory You can protect the endpoint (server/PC) in two ways: By protecting the local login with a second factor or by protecting RDP connection with a second factor (if the user who is logging is enabled for 2FA). In both scenarios, ESA plugin for RDP/local login (just the plugin, no need to install auth server and management tools – on every machine) must be installed on each machine you want to protect (and activate 2FA for users accessing the machine). Regarding the Authentication server and management tools, its ok to have it installed only on one server in the domain. Yes regards vladimir Link to comment Share on other sites More sharing options...
Recommended Posts