05-11-2024 07:34 AM
I am implementing Duo for Windows Login for the first time. I have successfully installed on several servers. This is working as expected.
Question: Is it necessary to create a new Application for each server that is protected? Or can I "reuse" one Application for several devices? If I can "reuse" an existing Application, how do I do this? When I start with the normal instructions and interface to install a new Application on a device, I don't see an option to select an existing Application.
Thanks.
Mike
Solved! Go to Solution.
05-13-2024 08:47 AM
Hello Mike.
What do you mean about reusing applications? You mean a duo application with their respective key and skey or do you mean you want a way to automatically install the application to multiple servers with the same executable??
Both are possible. In the case that you mean a duo application with the key and skey you just need to type the same key and skey to all machines, there's no problem in doing that as its the actual way to do it. Multiple applications of the same type are commonly used to deny or accept and apply different policies not to join multiple machines.
If you want to automatically install duo in multiple servers with the same ejecutable you will need to follow this guide from duo.
https://duo.com/docs/winlogon-gpo
05-13-2024 08:47 AM
Hello Mike.
What do you mean about reusing applications? You mean a duo application with their respective key and skey or do you mean you want a way to automatically install the application to multiple servers with the same executable??
Both are possible. In the case that you mean a duo application with the key and skey you just need to type the same key and skey to all machines, there's no problem in doing that as its the actual way to do it. Multiple applications of the same type are commonly used to deny or accept and apply different policies not to join multiple machines.
If you want to automatically install duo in multiple servers with the same ejecutable you will need to follow this guide from duo.
https://duo.com/docs/winlogon-gpo
05-14-2024 09:36 AM
I'm just looking at your response. I ran across this same guide earlier this morning. I think this guide will answer my questions.
Thanks for your prompt response.
Mike
05-15-2024 02:50 PM
Hi @Mike Vanchiere !
As the previous responder noted, it is certainly permissible to reuse the same RDP application (meaning the same ikey/skey) when you install Duo for Windows Logon on your computers.
However, you'll find that when you review your authentication logs for that ikey/skey combo in Duo you'll have a slightly harder time figuring out which auth events came from which system with Duo installed. You'll need to look for hostname info within the Duo authlogs.
If you use unique RDP applications for different servers, It's easier to tell which is which from your authlogs. Also you can configure different per-application policies between them instead of many group policies to one application.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide