Automate Script – Deploy Duo Windows/RDP Authentication (UPDATED)

Quinntin Comer Automate

*** Updated Information: We have made several modifications to the script, including additional Extra Data Fields and checks, and have moved the Tab (and functions) to the Location level rather than the Client level.

Due to the rise in ransomware, hijacking, cryptojacking, etc., we have made Duo a requirement on all servers. We have made this script available as a product to use in your environments as well (*it will be free for a limited time*).

Background

This script deploys the Duo Windows/RDP Authentication agent to the device(s) you select. A number of variables, or arguments, are pre-set for you, but the script is configured so that they are easily changed. The description in the script, once imported, displays these instructions as well. For a list of arguments, see the Duo help article: https://help.duo.com/s/article/1090?language=en_US

Process

  1. If you are feeling kind, please donate. It helps support development time for providing free scripts: https://comertechnology.com/product/donation/
  2. Download the following script: Link Here
  3. Go to System > General > Import > XML Expansion.
    1. Browse to the file and select it.
    2. Accept the prompt.
  4. Go to Browse > Clients. Expand the desired Client, double click the desired Location.
  5. Under Info > Duo MFA Config, provide the following information (which you can get from the configured Application in Duo). To allow Duo deployment for this location, check “Enable Duo Deployment”.
    1. Integration Key
    2. Secret Key
    3. API Host
  6. To apply the information in the “Info about…” box above, import the following file: Link Here
    1. Go to System > General > Import > SQL File.
  7. Run the script against the servers at the client.
  8. Log in and verify you are being prompted by Duo.

Defaults and Modifications

The script is currently configured with the following default arguments:

  • AutoPush is enabled
  • FailOpen is enabled
  • RDPOnly is disabled (will work for all logins – console and remote)
  • EnableOffline is enabled

To modify any of these configurations, open the script: !Custom > !Custom – SW – Deploy Duo Windows Authentication

Modify the following lines: 27-34
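
The defaults listed above can be checked on a server after the script has run. The PowerShell audit below is an added example, not part of the Automate script described here; it assumes the registry key and value names that Duo documents for Windows Logon (HKLM\SOFTWARE\Duo Security\DuoCredProv), which this page does not list, and Get-DuoLogonAudit is a hypothetical helper name.

```powershell
# Added example: audit Duo for Windows Logon settings on the local server.
# Assumption: key path and value names are taken from Duo's documentation, not this page.
$DuoKey = 'HKLM:\SOFTWARE\Duo Security\DuoCredProv'

# Defaults this page lists for the deployment script (1 = enabled, 0 = disabled).
$Expected = [ordered]@{
    AutoPush      = 1
    FailOpen      = 1
    RdpOnly       = 0
    EnableOffline = 1
}

function Get-DuoLogonAudit {
    param(
        [string]$Path = $DuoKey,
        [System.Collections.IDictionary]$Baseline = $Expected
    )
    if (-not (Test-Path -Path $Path)) {
        throw "Duo registry key not found at '$Path'; the agent may not be installed."
    }
    $props = Get-ItemProperty -Path $Path

    foreach ($name in $Baseline.Keys) {
        $actual = $props.$name
        [pscustomobject]@{
            Setting  = $name
            Expected = $Baseline[$name]
            Actual   = if ($null -eq $actual) { '<not set>' } else { $actual }
            Matches  = ($null -ne $actual) -and ([int]$actual -eq [int]$Baseline[$name])
        }
    }

    # Report only whether the connection values exist; the secret key is deliberately not read.
    foreach ($name in 'IKey', 'Host') {
        $present = -not [string]::IsNullOrEmpty($props.$name)
        [pscustomobject]@{ Setting = $name; Expected = '<present>'; Actual = $present; Matches = $present }
    }
}

$report = Get-DuoLogonAudit
$report | Format-Table -AutoSize

# FailOpen = 1 means logons proceed without Duo when the Duo service is unreachable.
$failOpen = $report | Where-Object Setting -eq 'FailOpen'
if ($failOpen.Actual -eq 1) {
    Write-Warning 'FailOpen is enabled: logons are allowed without two-factor if Duo cannot be contacted.'
}
```

Run it from an elevated PowerShell session on a server the script was deployed to; any row where Matches is False shows a setting that differs from the defaults listed above.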
