2 factor authentication on Windows Server 2019
I would like to harden my Windows Server 2019 a bit.
I want to add 2 factor authentication for users that log in locally on my Windows Server 2019.
When the user log in I want the second authentication to be something like this (in order of prority)
- Push request to iPhone mobile app or key from Google
Authenticator - Fallback to text message with the code
- Fallback to automated call telling me the code
The main thread I want to gard against is a keylogger on the keyboard, but there might be other ways to hack into the system.
I have also encrypted the disks.
Maybe I can setup an Azure multi-factor authentication server but would prefer something a bit cheaper and simpler give this is only for one server. Something along these lines.
authentication windows-server
add a comment |
I would like to harden my Windows Server 2019 a bit.
I want to add 2 factor authentication for users that log in locally on my Windows Server 2019.
When the user log in I want the second authentication to be something like this (in order of prority)
- Push request to iPhone mobile app or key from Google
Authenticator - Fallback to text message with the code
- Fallback to automated call telling me the code
The main thread I want to gard against is a keylogger on the keyboard, but there might be other ways to hack into the system.
I have also encrypted the disks.
Maybe I can setup an Azure multi-factor authentication server but would prefer something a bit cheaper and simpler give this is only for one server. Something along these lines.
authentication windows-server
Windows doesn’t have support to send out an SMS message, but it can be configured to support 2FA, having difficulty determining what your question is exactly
– Ramhound
Feb 2 at 3:52
@Ramhound Yes, enable 2FA for local users on the server. There is no AD.
– Damian
Feb 2 at 5:44
add a comment |
I would like to harden my Windows Server 2019 a bit.
I want to add 2 factor authentication for users that log in locally on my Windows Server 2019.
When the user log in I want the second authentication to be something like this (in order of prority)
- Push request to iPhone mobile app or key from Google
Authenticator - Fallback to text message with the code
- Fallback to automated call telling me the code
The main thread I want to gard against is a keylogger on the keyboard, but there might be other ways to hack into the system.
I have also encrypted the disks.
Maybe I can setup an Azure multi-factor authentication server but would prefer something a bit cheaper and simpler give this is only for one server. Something along these lines.
authentication windows-server
I would like to harden my Windows Server 2019 a bit.
I want to add 2 factor authentication for users that log in locally on my Windows Server 2019.
When the user log in I want the second authentication to be something like this (in order of prority)
- Push request to iPhone mobile app or key from Google
Authenticator - Fallback to text message with the code
- Fallback to automated call telling me the code
The main thread I want to gard against is a keylogger on the keyboard, but there might be other ways to hack into the system.
I have also encrypted the disks.
Maybe I can setup an Azure multi-factor authentication server but would prefer something a bit cheaper and simpler give this is only for one server. Something along these lines.
authentication windows-server
authentication windows-server
edited Feb 2 at 6:11
Damian
asked Feb 2 at 1:28
DamianDamian
1822213
1822213
Windows doesn’t have support to send out an SMS message, but it can be configured to support 2FA, having difficulty determining what your question is exactly
– Ramhound
Feb 2 at 3:52
@Ramhound Yes, enable 2FA for local users on the server. There is no AD.
– Damian
Feb 2 at 5:44
add a comment |
Windows doesn’t have support to send out an SMS message, but it can be configured to support 2FA, having difficulty determining what your question is exactly
– Ramhound
Feb 2 at 3:52
@Ramhound Yes, enable 2FA for local users on the server. There is no AD.
– Damian
Feb 2 at 5:44
Windows doesn’t have support to send out an SMS message, but it can be configured to support 2FA, having difficulty determining what your question is exactly
– Ramhound
Feb 2 at 3:52
Windows doesn’t have support to send out an SMS message, but it can be configured to support 2FA, having difficulty determining what your question is exactly
– Ramhound
Feb 2 at 3:52
@Ramhound Yes, enable 2FA for local users on the server. There is no AD.
– Damian
Feb 2 at 5:44
@Ramhound Yes, enable 2FA for local users on the server. There is no AD.
– Damian
Feb 2 at 5:44
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1401212%2f2-factor-authentication-on-windows-server-2019%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1401212%2f2-factor-authentication-on-windows-server-2019%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Windows doesn’t have support to send out an SMS message, but it can be configured to support 2FA, having difficulty determining what your question is exactly
– Ramhound
Feb 2 at 3:52
@Ramhound Yes, enable 2FA for local users on the server. There is no AD.
– Damian
Feb 2 at 5:44