AuthLite Interactive Documentation
Quick Start: Install and protect Domain Admins AuthLite Features Supported Tokens Installation and Upgrading Configuration Token Management How to Log In Troubleshooting

Sometimes Group Policy isn't granular enough to enforce what you need on a server.  (If your AuthLite users have on-premises Exchange mailboxes for example, and need ActiveSync access to them.)

So we need a way to enforce only some processes on a machine.  This is accomplished by configuring the “Forced 2-Factor Processes” list on the server. Each string you enter will be matched against the command-line of the calling process. If there is a match, then two-factor authentication will be enforced for AuthLite users for that process.

Note: This feature is configured on each member server independently.

RDP Forcing

Note: You should use Group Policy instead of this feature, in most cases.

To enforce two-factor authentication for the server when Remote Desktop is used, select that checkbox.

System Forcing

Certain services may perform authentication inside the Windows kernel, thus there is a checkbox to force these processes to require 2-factor for AuthLite users.