Program a key over RDP
Normally, AuthLite keys can only be programmed when directly connected to the computer running the configuration program, not over Remote Desktop. There is a workaround.
For normal login, and for changing passwords after your account is already AuthLite Integrated, the hardware keys (YubiKeys) work normally over RDP.
But two situations require special attention over RDP:
- When you are first setting up your user account as AuthLite Integrated, in the "change password" screen
- When you are using the AuthLite configuration dialog to set up extra keys or Web/VPN (split) keys
If you attempt one of the above procedures in an RDP session, you will receive an error that there is no key plugged in. These programs can only write to the YubiKey when it is plugged into a USB port they can see. Over an RDP session, the YubiKey is not actually connected to the remote system; only its keystrokes are sent. This is good enough to use the key, but not enough to program it.
Solution: Program keys remotely
- Install the Key Programmer bundle to your local workstation: 32-bit programmer or 64-bit programmer
- Set slot 1 to AuthLite OTP.
- Set slot 2 to "do nothing".
- On the next tab, plug in the YubiKey.
- When the key is detected, go to the next tab; YubiKey slot 1 will be programmed for AuthLite.
- Each new key you plug in will be programmed.
- Click Finish and save the XML.
- This XML can be imported into the v1.2.25 (or later) Data Manager app.
Now all the data for the keys has been added. The procedure to integrate a new user with a pre-programmed key is slightly different than for a blank key.
Steps the user performs:
- Plug in the (already programmed) key to a USB port on your RDP client machine.
- In the RDP session, press Ctrl+Alt+End to bring up the security screen, and go to Change Password.
- Instead of typing the username, tap the AuthLite key into the first field.
- Fill out the old and new password fields.
- Select the checkbox "Use AuthLite with this account".
- Click OK.
- The key will now become associated with that user, and their account will be integrated with AuthLite.