Get yourself in trouble with 2FA
- Administrator is used to log on to the Console of the Server.
- However, by default on Windows Vista and newer, the user ID Administrator is disabled.
- Apply to the Console is selected.
- 2FA Email is selected.
- However, by default the Administrator has no email address assigned.
- Also, the email server is down, so no emails are sent.
- 2FA Mobile is not selected, but that does not matter, because the Administrator has not yet installed a 2FA App on his/her mobile.
- Also, the Administrator has left his/her mobile phone at home / hotel / somewhere far far away. And the battery is empty.
In this example, it is no longer possible for the Administrator to log in to the AADServer...
HowTo Fix
- Boot the Server into Windows Safe Mode.
- Start AADS Maintenance and Control.
- Disable 2FA by de-selecting both 2FA Mobile and 2FA Email.
- Reboot.
HowTo Prevent Trouble
2FA Mobile
- Install a 2FA Mobile App on your mobile device.
- Create a Windows Group called 2FA_Users.
- Make 1 (or more) test users members of the group 2FA_Users.
- Test that the login including 2FA works OK.
2FA Email
- Enter all email server settings correctly.
- Create a Windows Group called 2FA_Users.
- Make 1 (or more) test users members of the group 2FA_Users.
- Test that the test users receive the OTP email within the configured TimeOut (minutes).
- Test that the login including 2FA works OK.
After this, the Administrator can make him/herself a member of the group 2FA_Users and apply 2FA to him/herself.
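
A pre-flight check for the steps above, as an added PowerShell example (not part of AADS or of the original page). It assumes 2FA_Users is a local Windows group; the test account name, mail server host and port are placeholders to replace with your own values.

```powershell
# Added example. Assumptions: 2FA_Users is a LOCAL group; the test account,
# SMTP host and port below are placeholders for your own values.
function Test-TwoFactorReadiness {
    param(
        [string]$GroupName  = '2FA_Users',
        [string]$TestUser   = 'tfa-test1',          # hypothetical test account
        [string]$AdminUser  = 'Administrator',
        [string]$SmtpServer = 'smtp.example.test',  # placeholder mail server
        [int]$SmtpPort      = 25
    )
    $problems = @()

    # The group must exist and hold a test user before anyone else is enrolled.
    if (-not (Get-LocalGroup -Name $GroupName -ErrorAction SilentlyContinue)) {
        $problems += "Group '$GroupName' does not exist."
    } else {
        # Member names come back as COMPUTER\user; keep the user part only.
        $members = @(Get-LocalGroupMember -Group $GroupName |
            ForEach-Object { ($_.Name -split '\\')[-1] })
        if ($members -notcontains $TestUser) {
            $problems += "Test user '$TestUser' is not a member of '$GroupName'."
        }
        if ($members -contains $AdminUser) {
            $problems += "'$AdminUser' is already in '$GroupName'; test with test users first."
        }
    }

    # 2FA Email depends on the mail server: if it is down, no OTP is delivered.
    $smtp = Test-NetConnection -ComputerName $SmtpServer -Port $SmtpPort `
        -WarningAction SilentlyContinue
    if (-not $smtp.TcpTestSucceeded) {
        $problems += "Mail server ${SmtpServer}:$SmtpPort is not reachable."
    }

    # The page notes the built-in Administrator is disabled by default.
    $admin = Get-LocalUser -Name $AdminUser -ErrorAction SilentlyContinue
    if (-not $admin -or -not $admin.Enabled) {
        $problems += "Account '$AdminUser' is missing or disabled."
    }
    return ,$problems
}

$result = Test-TwoFactorReadiness
if ($result.Count -eq 0) { 'Checks passed: continue with the 2FA login test.' } else {
    $result | ForEach-Object { "BLOCKER: $_" }
}
```

A reachable mail port does not prove that the OTP email arrives within TimeOut, so the login tests with the test users listed above are still required.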
Recommended Settings
© 2012-2023 AADS WorldWide. Terminal Server | Application Server | Remote Desktop solutions | Firewall