Applies To: Windows Server 2012 R2, Windows Server 2012

Windows Server 2012 combines DirectAccess and Routing and Remote Access Service (RRAS) VPN into a single Remote Access role. Remote Access can be deployed in a number of enterprise scenarios. This overview provides an introduction to the enterprise scenario for deploying Windows Server 2012 DirectAccess with one-time password (OTP) user authentication.

In this scenario a Remote Access server with DirectAccess enabled is configured to authenticate DirectAccess client users with two-factor OTP authentication, in addition to standard Active Directory credentials.

Prerequisites

Before you begin deploying this scenario, review this list for important requirements:

- Deploy a Single DirectAccess Server with Advanced Settings must be deployed before deploying OTP.
- Windows 7 Clients need to use DCA 2.0 to support OTP.
- A Public Key Infrastructure must be deployed. For more information see: Test Lab Guide Mini-Module: Basic PKI for Windows Server 2012.
- Changing policies outside of the DirectAccess management console or PowerShell cmdlets is not supported.

The OTP authentication scenario includes a number of steps:

1. Deploy a Single DirectAccess Server with Advanced Settings: A single Remote Access server must be deployed before configuring OTP. Planning and deploying a single server includes designing and configuring a network topology, planning and deploying certificates, setting up DNS and Active Directory, configuring Remote Access server settings, deploying DirectAccess clients, and preparing intranet servers.
2. Plan Remote Access with OTP Authentication: In addition to the planning required for a single server, OTP requires planning for a Microsoft certification authority (CA) and certificate templates for OTP and a RADIUS-enabled OTP server. Planning might also include a requirement for security groups to exempt specific users from strong (OTP or smart card) authentication. For information regarding the configuration of OTP in a multi-forest environment, see Configure a Multi-Forest Deployment.
3. Configure DirectAccess with OTP Authentication: OTP deployment consists of a number of configuration steps, including preparing the infrastructure for OTP authentication, configuring the OTP server, configuring OTP settings on the Remote Access server, and updating DirectAccess client settings.
4. Troubleshoot an OTP Deployment: This troubleshooting section describes a number of the most common errors that can occur when deploying Remote Access with OTP authentication.

Increase security: Using OTP increases the security of your DirectAccess deployment.