Advanced Authentication (NetIQ) Ideas

Idea ID: 2874131

Protect accessing to Network Share with MFA.

Mtrix GmbH

Mtrix GmbH

Status: New Idea

over 2 years ago

For now it is possible to bypass AA Windows Client Credentials Provider when accessing Network Share from machine where AA Client installed.

How to reproduce:

--

1. Make sure that AA Client installed on machine you accessing Netwotk Share from.

2. e.g. open "This Computer"

3. Input Shared resource path into as address

4. Press "Enter"

5. Windows Security windows pop ups

6. It is possible to input only username name and password with no MFA

Tags:

AAF

Windows Client

Idea

windows

Top Comments

Alexander Tsygankov over 2 years ago +2

Hi Andreas, Sorry if I wasn't clear enough. But I'm talking about case when machine with AA Client installed is joined to Domain. Also target networkshare also located at machine that joined to Domain…

Parents

Bruno Ubisse over 2 years ago

The suggestion is that security groups could be implemented with the Logon filter installed on the Domain Controller. Only authorized accounts should belong to the security group and to become a member of this security group should follow a strict request/approval workflow.
- Cancel
- Vote Up 0 Vote Down
- More
- Cancel

Comment

Bruno Ubisse over 2 years ago

The suggestion is that security groups could be implemented with the Logon filter installed on the Domain Controller. Only authorized accounts should belong to the security group and to become a member of this security group should follow a strict request/approval workflow.
- Cancel
- Vote Up 0 Vote Down
- More
- Cancel

Children

Alexander Tsygankov over 2 years ago in reply to Bruno Ubisse

Hi Bruno,

Thanks for idea, but as I know AA Logon Filter is not "popular" component. Moreover, AA guide says that the main goal of AA Logon Filter is "..prevent users to log in without the Advanced Authentication Windows Client.". But it is possible to bypass MFA with AA Windows Client installed.
- Cancel
- Vote Up 0 Vote Down
- More
- Cancel

Resources

Learning Services

Partner Programs

Privacy

Compliance

Help

Company

Privacy Policy
Terms of Use
Cookies Preferences

Accessibility
Anti-Slavery Statement

Support
Contact Us

Careers
Code of Business Conduct and Ethics

The opinions expressed above are the personal opinions of the authors, not of OpenText. By using this site, you accept the Terms of Use. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.), Hewlett Packard Enterprise Company, or Micro Focus. As of January 31, 2023, the Material is now offered by OpenText, a separately owned and operated company. Any reference to the HP, Hewlett Packard Enterprise/HPE, and Micro Focus marks is historical in nature and the HP, Hewlett Packard Enterprise/HPE, and Micro Focus marks are the property of their respective owners.