Re: Auto Login, Kiosks, and DUO Agent (work around?)

kstruik · ‎03-11-2022

Good Morning,
We have a number of pcs, such a time clock’s or plant control computers. These computers are on the domain and locked down with group policy.

We had them all configured with registry keys to auto log in with a specific account. These accounts do NOT have local admin rights on those PCs.

Once pushing out the DUO agent, these registry keys no longer work. I still want these computers to have the agent, so if I, as an admin, log in, I get 2-factored. But I still need the day to day user to log on automatically. Its not realistic to expect the line operators to remember 10 different computer logins for these shared PC’s.

According to support, this is not possible. Has anyone found a way to work around this, short of putting a label with the password on each computer monitor?

macolinob · ‎03-14-2022

Hello,

I too, would like to be able to do this.

Thank you,

Bret Macolino

ErikC1 · ‎03-17-2022

Is the auto-login feature in Windows 10 supported when protecting Windows with Duo?

I’ve attached the incredibly shortsighted policy statement on the use of Auto-login. The brevity of the statement doesn’t hinder the pedantic sentiment. They have spoken, peasant.

Yet they have a bypass option for the user. Why, if it’s so cut and dry?

DuoKristina · ‎03-17-2022

Hi @ErikC ,

The distinction between that statement on Windows autologin and the concept of Duo bypass status for a user is that no Duo status permits a user to skip primary authentication. Duo for Windows Logon is intended as additional security for interactive logons.

Duo, not DUO.

ErikC1 · ‎03-17-2022

This is a distinction in words only. You are not actually skipping the login. It is being done for you by storing your username and encrypted password.

The point is that the user has only kiosk-like access. We want anyone with actual access to use 2FA.

Having no DUO is not the option that we want. If that is what you prefer, we will start looking at other solutions.

zamarax · ‎09-27-2024

We also need this, it's very common to have KIOSKS that are limited but you want it to be active should an admin logon.

DuoKristina · ‎10-01-2024

Hi there. To submit feature requests for Duo please contact your Duo account exec or Duo Care manager. If you don't have one of these you can contact Duo Support to submit or upvote feature requests. Community posts don't automatically create feature requests for our product team.

Duo, not DUO.

zamarax · ‎10-01-2024

@kstruik wrote:
Good Morning,
We have a number of pcs, such a time clock’s or plant control computers. These computers are on the domain and locked down with group policy.
We had them all configured with registry keys to auto log in with a specific account. These accounts do NOT have local admin rights on those PCs.
Once pushing out the DUO agent, these registry keys no longer work. I still want these computers to have the agent, so if I, as an admin, log in, I get 2-factored. But I still need the day to day user to log on automatically. Its not realistic to expect the line operators to remember 10 different computer logins for these shared PC’s.
According to support, this is not possible. Has anyone found a way to work around this, short of putting a label with the password on each computer monitor?

But seeing as you work for them YOU should be taking feedback from the community and letting the devs and their management know what people are looking for, else people just move on to different products.

DuoKristina · ‎10-03-2024

Thanks for your thoughts on this.

Duo, not DUO.