
We recently noticed a change in the login process on one of our Windows 2012 Servers. When we go to log in it now prompts us for "Other User":

[Screenshot: Windows Server 2012 Passcode Other User]

After which it then prompts for a User Name, Password, and Passcode:

[Screenshot: Windows Server 2012 User name Password Passcode]

I have never seen the request for a Passcode when logging in to a Windows server before. I am able to log in using my standard username and password (leaving the Passcode blank), but I am curious why it is asking for a passcode. Also, it prevents my Remote Desktop Manager software from using automatic login.

Is there any way to disable the Passcode request at login? We aren't seeing this on a 2012 R2 server in the same datacenter, and nobody I have talked to knows anything about it. I don't see any recent updates that look like they could have changed the authentication process, and an online search doesn't show any results.

Greg Bray
  • Neat. Looks like two-factor auth, but I'm not sure what kind... could be an RSA token, could be an SMS code, probably could be something else, but like you, I'm having trouble finding a definitive answer online. – HopelessN00b Jun 17 '14 at 16:15
  • Could it be a Group Policy setting was changed? – Davidw Jun 17 '14 at 16:54
  • I'm thinking like @Davidw that it's either a GPO or, one of the methods that Hopeless didn't mention was a smart card reader. We have to use those in the govt org that I work for as part of HSPD 12 (a directive straight from George Bush); not that you wouldn't know about a new directive in your company to start using smart card/smart card readers, but there is a setting in GP that allows you to turn that on/off. – Brad Bouchard Jun 17 '14 at 19:44
  • Also... any new software along the lines of something like this http://www.smspasscode.com/ get installed on that server lately? – Brad Bouchard Jun 17 '14 at 19:46

1 Answer


Following the advice of David and Brad I checked group policy using gpresult /v and found a policy called Multi-Factor-Authentication-ADMINS, which appears to be setting some registry keys in SOFTWARE\Policies\PassGo Technologies\Defender\Defender GINA.

It appears to be a product called Quest Defender (now owned by Dell Software), and there is an entry in the Control Panel Add-Remove programs section called Defender Desktop Login.

So it appears we have a new two factor authentication system. I'll check with our IT department and report back if I find a way to remove it.

Greg Bray
  • Not for nothing, but why wouldn't you check with your IT department first? – joeqwerty Jun 18 '14 at 00:24
  • @joeqwerty I already submitted a ticket... but that can sometimes take a while for them to respond. These are not production systems, so I can be a bit more aggressive about fixing things myself. – Greg Bray Jun 18 '14 at 14:41
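
The checks described in the answer above, collected into a read-only PowerShell inventory for working out what changed a server's logon prompt. This is an added example, not part of the original thread; it assumes the policy key sits under HKLM and that the product hooks the logon screen as a credential provider (the extension mechanism on Windows Server 2012), neither of which the answer states.

```powershell
# Added example: read-only inventory of what shapes the Windows logon prompt.
# Run from an elevated PowerShell session on the affected server.

# 1. Applied computer GPOs: gpresult lines that mention the vendor key.
gpresult /scope computer /v | Select-String -Pattern 'PassGo' -Context 2

# 2. Policy key quoted in the answer (the HKLM hive is an assumption).
$policyKey = 'HKLM:\SOFTWARE\Policies\PassGo Technologies\Defender\Defender GINA'
if (Test-Path $policyKey) {
    Get-ItemProperty -Path $policyKey |
        Select-Object -Property * -ExcludeProperty PS* | Format-List
} else {
    "Policy key not present: $policyKey"
}

# 3. Registered credential providers and the DLL behind each CLSID.
#    A non-Microsoft Company value points at the add-on that owns the prompt.
$cpRoot = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers'
Get-ChildItem -Path $cpRoot | ForEach-Object {
    $clsid   = $_.PSChildName
    $inproc  = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
    $dll     = if (Test-Path $inproc) { (Get-Item $inproc).GetValue('') } else { $null }
    $company = $null
    if ($dll -and (Test-Path $dll)) {
        $company = (Get-Item $dll).VersionInfo.CompanyName
    }
    [pscustomobject]@{
        Name    = $_.GetValue('')   # default value = provider display name
        Clsid   = $clsid
        Dll     = $dll
        Company = $company
    }
} | Sort-Object Company, Name | Format-Table -AutoSize -Wrap

# 4. Installed programs whose name mentions Defender
#    (the answer found "Defender Desktop Login" in Add/Remove Programs).
$uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*Defender*' } |
    Select-Object DisplayName, Publisher, DisplayVersion, InstallDate
```

Running the same script on the 2012 R2 server that does not show the Passcode field and comparing the two outputs isolates what was added.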