Kaseya VSA Script: Deploy Duo/Windows RDP Agent

Quinntin Comer | Kaseya, Kaseya VSA



Due to the rise in ransomware, hijacking, cryptojacking, etc., we have made Duo a requirement on all servers. I figured I would share an Agent Procedure for Kaseya VSA. This is a follow-up to the same script for ConnectWise Automate.

Background

This script will deploy the Duo Windows/RDP Authentication agent to the device(s) you select. A number of variables, or arguments, are pre-set for you, but the script has been configured so that they are easily changed. The description in the script, once imported, displays these instructions as well. For a list of arguments, see the Duo help article: https://help.duo.com/s/article/1090?language=en_US

Process

  1. Download the following script: https://docs.google.com/uc?id=1w3J4KJSMMg4y-_DOjmjPqO-oUWMYnVbo&export=download
  2. Create the necessary Managed Variables to apply the Duo API Host, Secret Key and Integration Key to your installation. The Managed Variables can be used to hold each of those per-client.
    1. Agent Procedures > Manage Procedures > Schedule/Create.
    2. Click Manage Variables.
    3. Use the following details for each field of data.
      1. Duo API Host
        1. Select Variable: < New Variable >
        2. Rename/Create Variable: Duo_Host
        3. Set Variable Value: anything here (we will remove it).
      2. Duo Integration Key
        1. Select Variable: < New Variable >
        2. Rename/Create Variable: Duo_Ikey
        3. Set Variable Value: anything here (we will remove it).
      3. Duo Secret Key
        1. Select Variable: < New Variable >
        2. Rename/Create Variable: Duo_SKey
        3. Set Variable Value: anything here (we will remove it).
  3. Go to Agent Procedures > Manage Procedures > Schedule/Create.
    1. Highlight a folder > Click Import Folder/Procedure
    2. Browse to the XML file “Procedure Custom – SW – Deploy Duo Windows Authentication.xml”.
    3. Click Save.
  4. If you have generated an Application in Duo for Windows/RDP Desktops, now would be the time to fill out the Managed Variables for the desired client.
  5. Run Agent Procedure (“Custom – SW – Deploy Duo Windows Authentication”) against your desired servers.
  6. Log in and verify you are being prompted by Duo.

Defaults and Modifications

The script is currently configured with the following default arguments:

  • AutoPush is enabled.
  • FailOpen is enabled (logins are allowed without Duo when the Duo service cannot be reached).
  • RDPOnly is disabled (will work for all logins – console and remote).
  • EnableOffline is enabled.
  • SmartCard is disabled.

To modify any of these configurations, open the Agent Procedure (“Custom – SW – Deploy Duo Windows Authentication”).

Modify the following lines: 15-23
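
The defaults listed above, expressed as Duo installer command-line properties, with a check that the three Managed Variables hold real values rather than the placeholder text before anything is deployed. This is an added example, not the contents of the downloadable Agent Procedure; the function name, the format checks and the sample values are assumptions, and the property names are the installer arguments documented in the Duo help article linked above. The sample call turns FailOpen off to show the fail-closed variant.

```powershell
# Added example: validates the three Managed Variable values, then builds the
# installer argument string for the defaults listed above.
# The key/host format checks are assumptions; adjust them for your Duo edition.
function New-DuoInstallArgs {
    param(
        [Parameter(Mandatory)][string]$DuoHost,  # value of Duo_Host
        [Parameter(Mandatory)][string]$IKey,     # value of Duo_Ikey
        [Parameter(Mandatory)][string]$SKey,     # value of Duo_SKey
        [bool]$AutoPush      = $true,
        [bool]$FailOpen      = $true,
        [bool]$RdpOnly       = $false,
        [bool]$EnableOffline = $true,
        [bool]$SmartCard     = $false
    )

    # Catch placeholders ("anything here") left in the Managed Variables.
    $problems = @()
    if ($DuoHost -notmatch '^api-[0-9a-z]+\.duosecurity\.com$') {
        $problems += 'Duo_Host does not look like api-XXXXXXXX.duosecurity.com'
    }
    if ($IKey -notmatch '^DI[0-9A-Z]{18}$') {
        $problems += 'Duo_Ikey is not 20 characters starting with DI'
    }
    if ($SKey.Length -ne 40) {
        $problems += 'Duo_SKey is not 40 characters long'
    }
    if ($problems.Count -gt 0) {
        throw ('Refusing to build installer arguments: ' + ($problems -join '; '))
    }
    if ($FailOpen) {
        Write-Warning 'FAILOPEN is on: logons proceed without Duo when the Duo service is unreachable.'
    }

    $flag  = { param($on) if ($on) { '#1' } else { '#0' } }
    $props = [ordered]@{
        IKEY = $IKey; SKEY = $SKey; HOST = $DuoHost
        AUTOPUSH      = & $flag $AutoPush
        FAILOPEN      = & $flag $FailOpen
        RDPONLY       = & $flag $RdpOnly
        ENABLEOFFLINE = & $flag $EnableOffline
        SMARTCARD     = & $flag $SmartCard
    }
    $pairs = $props.GetEnumerator() | ForEach-Object { '{0}="{1}"' -f $_.Key, $_.Value }
    # The result contains the secret key: pass it to the installer, never log it.
    '/S /V" /qn ' + ($pairs -join ' ') + '"'
}

# Constructed sample values, not real credentials.
$installArgs = New-DuoInstallArgs -DuoHost 'api-0123abcd.duosecurity.com' -IKey ('DI' + 'X' * 18) -SKey ('x' * 40) -FailOpen $false
$installArgs -replace 'SKEY="[^"]+"', 'SKEY="<redacted>"'
```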


