Automate Script – Deploy Duo Windows/RDP Authentication

Quinntin Comer Automate

Due to the rise in ransomware, hijacking, cryptojacking, etc., we now require Duo on all servers. We have made this script available as a product for use in your environments as well (*Script is no longer free*).

Background

This script will deploy the Duo Windows/RDP Authentication agent to the device(s) you select. A number of variables, or arguments, are pre-set for you, but the script has been configured so that they are easily changed. The description in the script, once imported, displays these instructions as well. For a list of arguments, see the Duo help article: https://help.duo.com/s/article/1090?language=en_US

Process

  1. If you are feeling kind, please donate. It helps support development time for providing free scripts: https://comertechnology.com/product/donation/
  2. Download the following script: https://drive.google.com/open?id=14Y0-JmmkqRWRPbiQ_cWTwN8sScguVWH8
  3. Go to System > General > Import > XML Expansion.
    1. Browse to the file and select it.
    2. Accept the prompt.
  4. Go to Browser > Clients. Double-click the desired Client.
  5. Under Info > Duo settings, provide the following information (which you can get from the configured Application in Duo):
    1. Integration Key
    2. Secret Key
    3. API Host
  6. Run script against the servers at the client.
  7. Log in and verify you are being prompted by Duo.

Defaults and Modifications

The script is currently configured with the following default arguments:

  • AutoPush is enabled
  • FailOpen is enabled
  • RDPOnly is disabled (will work for all logins – console and remote)
  • EnableOffline is enabled

To modify any of these configurations, open the script: !Custom > !Custom – SW – Deploy Duo Windows Authentication

Modify the following lines: 27-34
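
To confirm on each server that the agent landed with the defaults listed above, the following PowerShell check (an added example, not part of the Automate script) compares the settings stored in the registry against that baseline and flags FailOpen. The registry paths and value names are assumptions drawn from Duo's documented layout, not from this post; confirm them on a test install.

```powershell
# Added example: audit the Duo for Windows Logon settings on the local server
# against the defaults listed in this post. Registry path and value names are
# assumptions based on Duo's documented layout; confirm them on a test install.
$DuoKey    = 'HKLM:\SOFTWARE\Duo Security\DuoCredProv'
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Duo Security\DuoCredProv'  # GPO values override local ones

# Baseline from the "Defaults and Modifications" section (1 = enabled, 0 = disabled)
$Expected = [ordered]@{
    AutoPush      = 1
    FailOpen      = 1
    RdpOnly       = 0
    EnableOffline = 1
}

function Get-DuoSetting {
    param([string]$Name)
    # Prefer the policy hive when a GPO sets the value, else the installer-written key
    foreach ($key in $PolicyKey, $DuoKey) {
        $item = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { return [pscustomobject]@{ Value = $item.$Name; Source = $key } }
    }
    return $null
}

if (-not (Test-Path $DuoKey)) {
    Write-Warning "Duo credential provider key not found on $env:COMPUTERNAME; agent is not installed."
    return
}

$report = foreach ($name in $Expected.Keys) {
    $found = Get-DuoSetting -Name $name
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Setting  = $name
        Expected = $Expected[$name]
        Actual   = if ($found) { $found.Value } else { '<not set>' }
        Source   = if ($found) { $found.Source } else { '' }
        Match    = ($found -and [int]$found.Value -eq $Expected[$name])
    }
}
$report | Format-Table -AutoSize

# FailOpen = 1 lets logons proceed without 2FA when the Duo service is unreachable
if (($report | Where-Object Setting -eq 'FailOpen').Actual -eq 1) {
    Write-Warning 'FailOpen is enabled: a host that cannot reach Duo will accept password-only logons.'
}
```

If you change any argument on lines 27-34 of the script, update `$Expected` to match so the report reflects your own baseline.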
