Login Windows Remote Desktop in a secure way by USB key

Rohos Logon Key works with MS Remote Desktop Connection tool and allows to log in into Remote Desktop by using hardware USB token like USB flash drive, OTP token or smart-card. By using a PIN code with USB token you may protect your network with two-factor authentication.

Rohos Logon Key allows to access Windows and Mac computer in a secure way by using the popular USB tokens and authentication devices (OTP, PKCS11)  replacing weak password based login.

How it works

Rohos Logon Key integrates into Windows Terminal Services login screen (Windows XP/ 2003/ Vista/ 2008/ Seven). It works by adding two-factor authentication level to existing authentication infrastructure. After deployment users can log into remote session by using USB key. It is convenient and secure password replacement solution:

  • There is no need to connect USB Key directly to TS server for setup.
  • If you use USB flash drive, Yubikey OTP token or smart-card (MiFare) as a logon key then you dont need to install Rohos on a every machine you log in from
  • It provides higher security level through using long password that is stored on USB token.
  • Two-factor authentication is provided by using a PIN code (with limited number of wrong attempts).

USB Token Admin

Read next to find out how to configure it.

How to try Remote Desktop login by USB Key:

In order to try Remote Desktop login by USB key you can download 15-day trial version Rohos Logon Key. Download.

You should have Windows XP Pro/ 2003/ Vista/ Seven or Windows 2008 Server as your Terminal Server computer to try it.

1. Installing it on the Terminal Server:

(This should be done by Network Admin)

Just Install Rohos Logon Key on the Terminal Server computer (restart is not needed).

2. Setting Up USB Key for authentication :

(This can be done by any User or Network Admin)

  • On the MS RDC connection settings specify to redirect local USB Drive (or smart-card reader) to your Remote Desktop
  • On the Remote Desktop open Rohos Logon Key. Or “Rohos Logon Key (User)” application if you are network user.
  • Click on “Setup USB Key” button. Redirected USB Key will be detected. Enter your Windows password and click Setup.

- After that your USB Drive now is USB Key and it is ready for login. You may close TS session and try to login with the USB Key.

Please note: Network Administrators also could use Rohos Server Version components  to create and manage USB Keys. Learn more.

3. Installing Rohos on the Client PC (Any Windows):

(Optional step. But it should be done by Admin)

You do not need to install Rohos Logon Key on a workstation - if you use the following tokens as USB Key:

- USB flash drive (Rohos component is copied into USB stick)

- OTP tokens like Yubikey

- Smart-cards like Mifare 1K RFID (smart-card reader redirection by RDC)

Please note: If your Terminal Server requires to use Network Level Authentication you need to use this workaround to disable UAC credentials prompt. If this doesn’t help - then you need to install Rohos Logon Key on a workstation also to be able to authenticate into Remote Desktop by USB Key by using UAC Credentials prompt.

Login into Remote Desktop by USB Key:

Connect your USB Key into a Workstation USB port.

If you are using USB drive as a Authentication Key - open USB drive and run “Rohos Logon Key (RDC setup).exe”

This should be done only once on each new Workstation.

Now you can open Remote Desktop connection utility and connect to Remote Desktop:

USB Token Admin

On Windows Vista/Seven/8 you may have Credentials Prompt dialog. You may use  this workaround to disableit or install Rohos Logon Key to be able to use USB Key here.

 

Please ensure that Remote Desktop login screen has a green Rohos USB Key icon.  User login and password information from USB Key will be transferred to remote session (or PIN request will pop up). This may take up to 5 seconds.

Windows 2003 Remote Desktop logins creen

USB Token Admin

Windows Seven / 2008 Remote Desktop login screen

Web based Remote Desktop is also supported. To learn more please, read here.

Benefits of Rohos Logon Key for networks:

Rohos Logon Key can be easily integrated into existing infrastructures. It offers native support for Active Directory, eDirectory (with installed Novell Client), Microsoft Windows 2000/2003/ XP / Vista / 2008/ Seven server.

  • Your Computer security benefits:

    1. Replaces weak password based login with a hardware USB key (USB flash drive or memory card)
    2. Use big password, without the need to remember it
    3. Login with a USB Key is fully automatic and fast!
    4. The system is password protected but you don’t need to enter it manually each time you login or unlock Windows
    5. Secure 2-factor login: Your USB Key + PIN code password
    6. Uses a single USB Key to sign-in into your Home, laptop and office computer
    7. Windows is protected even in Safe Mode

No difficulty:

  • Removes the burden of remembering and entering and re-entering strong passwords;
  • No PKI infrastructure needed.

Rohos Logon Key can be easily deployed to provide secure environment and helps your organization to meet regulatory compliance (HIPAA).

New! For Web Based Remote Desktop - If you have enabled a virtual channels application in your Terminal Services deployment, you can make Rohos Logon available on client computers that access the terminal server by means of the Remote Desktop ActiveX control. To learn more please, read

Rohos Logon Key Server Version

It is specially designed to be installed into Administrator’s computer. It allows carrying out the following administration tasks:

  • To manage USB keys for the access to any computer in the network in the USB Key Management utility.
  • To configure USB keys for the login into the remote desktop.
  • To Block and UnBlock USB Key from Remote Desktop access.
  • To change Rohos Logon settings remotely on the network workstation.
  • Remotely connect to USB key. Learn more

Supported USB tokens

Rohos Logon Key supports the following USB tokens for Windows Remote Desktop login:

  • regular USB flash drive (100 Kb free space required).
  • Smart-cards (Mifare 1K)
  • Yubikey, Umikey OTP token.
    These 3 types of tokens does not require to install Rohos Logon on client PC.
  • PKCS11 enabled token. We tested Aladdin eToken, Securetoken ST3/4,  sense trueToken, RuToken, uaToken.

Blog Posts related to Remote Desktop login with USB token

Share|

Library:

Rohos Logon Key for YubiKey integration guide - Step-by-step guide on how to set up Windows remote desktop logon with YubiKey.

Rohos Logon Key Administration and Installation guide

USB Key Administration Utility - manage hundreds access keys

How to disable credentials prompt on RDC 6.0 (Vista).

Login into web based Remote Desktop with USB Key.