LastSquirrelIT / MultiOneTimePassword-CredentialProvider

Aims to improve the overall security of the Windows logon process by adding 2FA Authentication. Uses multiOTP as authentication endpoint.
Apache License 2.0
94 stars 44 forks

RDP Only Option #13

Open nabber00 opened 9 years ago

nabber00 commented 9 years ago

Would be nice to have an RDP only option. I don't know how that is implemented but the Duo Security Windows Logon Credential Provider can do it with a registry setting. It might be checking for a remote IP address.

arcadejust commented 9 years ago

I have the "RDP only" switch in my version but I don't know how to upload it. I have made my version for the Credential V2 (Windows 8 and 10 style) so it's not a branch but rather a completely different project... I kept the original logo :D and I can verify that the Microsoft account 2nd-level authentication works with multiotp!!! If you like I can send you the code and DLL.

Btw, you can check for RDP with GetSystemMetrics(SM_REMOTESESSION), but I also wanted to log the IP (Windows doesn't do that anymore) and I have actually used the "checking for remote IP address" with the proper RDP port taken from the Windows registry (I don't use the standard port) :)

nabber00 commented 9 years ago

Yeah that sounds perfect. I'm only using Windows 8.1+ these days anyway. Also great info on how to check for RDP, should be easy to patch that in.

arcadejust commented 9 years ago

I have just uploaded my first project with a git repository... I don't know if it's any good, but hey, I've never used git before :D You could try this: https://github.com/arcadejust/MultiotpCPV2RDP

Just don't install it without reading the reg file or you can block your PC for good :D

nabber00 commented 9 years ago

Looks very simple, which I like. If you want to tag it as a release you can upload any binaries that go with it into the "releases" tab.

arcadejust commented 9 years ago

It's ready - you can try it out

nabber00 commented 9 years ago

What do I do with the DLL? Does it go in a particular path? Do I need to register it?

arcadejust commented 9 years ago

First make sure you have multiotp installed and the path to it is correct in register.reg (default "MultiOTPPath"="c:\multiotp\windows\" (remember to use double slash); modify the path if you have to with Notepad). Copy the DLL to c:\windows\system32 and then run register.reg. Right now the setting "MultiOTPRDPOnly"=dword:00000001 suppresses the CP for local login and lock screen, so you will not see a credential provider from your console; you will have to open RDP from another computer to see it.
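The advice above to read the reg file before importing it, as an added example that is not part of the thread or of either repository: a small Python parser for .reg text that reports what the file would set. The registry key name in the sample is a constructed placeholder, the trailing-backslash rule is an assumption based on the default path quoted in the thread, and `parse_reg` and `review` are names chosen for this example.

```python
import re

# Constructed sample in .reg syntax. The key name is a placeholder, not the
# project's real key; only the two value names and their data are from the thread.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\PLACEHOLDER-PROVIDER-KEY]
"MultiOTPPath"="c:\\multiotp\\windows\\"
"MultiOTPRDPOnly"=dword:00000001
'''

_KEY = re.compile(r'^\[(.+)\]$')
_VAL = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')
_STR = re.compile(r'^"((?:[^"\\]|\\.)*)"$')
_DWORD = re.compile(r'^dword:([0-9a-fA-F]{1,8})$')
# Assumption: the path must be a drive-letter directory ending in a backslash,
# like the default quoted in the thread.
_DIR = re.compile(r'^[A-Za-z]:\\(?:[^\\]+\\)*$')

def parse_reg(text):
    """Return {key: {name: value}} from already-decoded .reg text
    (files exported by regedit are often UTF-16)."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        key, val = _KEY.match(line), _VAL.match(line)
        if key:
            current = keys.setdefault(key.group(1), {})
        elif val and current is not None:
            name, data = val.group(1), val.group(2)
            s, d = _STR.match(data), _DWORD.match(data)
            if s:    # REG_SZ: undo the \\ and \" escaping
                current[name] = re.sub(r'\\(.)', r'\1', s.group(1))
            elif d:  # REG_DWORD: hexadecimal
                current[name] = int(d.group(1), 16)
            else:    # malformed string, hex:, ...: keep raw for manual review
                current[name] = ('unparsed', data)
    return keys

def review(text):
    """Return notes to read before importing the file."""
    notes = []
    for key, values in parse_reg(text).items():
        path = values.get('MultiOTPPath')
        if path is not None and not (isinstance(path, str) and _DIR.match(path)):
            notes.append('%s: MultiOTPPath is not a valid escaped directory path: %r' % (key, path))
        if values.get('MultiOTPRDPOnly') == 1:
            notes.append('%s: MultiOTPRDPOnly=1, provider hidden at console logon and lock screen' % key)
    return notes
```

A path written with single backslashes fails to parse as a string and is reported, which is the mistake the "double slash" reminder is about.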

nabber00 commented 8 years ago

Yeah that worked as expected, great!

multiOTP commented 6 years ago

Hello,

Please note that we have enhanced this MultiOneTimePassword-CredentialProvider thanks to various contributors, including arcadejust, and it's now available in the multiOTP project (https://github.com/multiOTP/multiOTPCredentialProvider). We will do enhancements in this fork.

Regards,