What is the best way to implement two-factor authentication in AD DS?

V

Vasya Pupkin2019-06-27 13:33:16

System administration

Vasya Pupkin, 2019-06-27 13:33:16

1. What is the best way to build a domain entrance now: Smart cards or USB tokens?
2. Is it possible to build it without third party software?
You need to move away from logins and passwords towards double authentication using tokens.
I found two types of JaCarta-2 PKI and Rutoken keys. Rutokens require some kind of software to install in order for this garbage to work. But I know that in AD DS you can somehow implement this through a certification authority, but you will need software to write certificates to USB tokens, etc.
Maybe someone has implemented a working scheme of this kind and can share a manual that is not a hundred years old?

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

A

akelsey, 2019-06-27
@akelsey

I don’t know without a 3rd party, the rohos key software suits me + google authenticator.
It is supported in a domain environment, but has not been used, because it is only necessary for home RDP - when it is impossible to use vpn.
PS
_ you probably need a free option - this is not your case.

S

Sergey Ryzhkin, 2019-06-27
@Franciz

How to use a token to make a Windows domain secure...

C

chupasaurus, 2019-06-27
@chupasaurus

List of official adapters for AD FS