Rohos Logon Key v. 2.9 improvements for Windows 7

Dear users and customers, we are happy to announce a few improvements in Rohos Logon Key. New features affects “Allow login only by USB Key” feature specially when using Rohos Logon in corporate network or Windows Remote Desktop services.

What’s new:

1. When you use “Allow to login only by USB Key” feature, you may define a set of users that will be able still to login by a regular password (without USB Key). Please note:
– Current user name is added to this list automatically by default .
– We recommend to set it to Terminal Server administrator user name
– If it is blank: regular password based login will be disabled for any user (ensure that you have defined Emergency Login or have a valid USB Key)
– Rohos Icon in Credentials Prompt dialog box allows any user name credential to be entered manually.

2. On the Windows 7/2008 logon screen you have Rohos logon icon.

Now it contains User name and password fields. This is designed specially for network Admins to be able to access computer in a regular way locally or via Remote Desktop.

3. User Account Control credentials prompt with Rohos icon. Now you can regular use here User Name and password. Please note – this credentials prompt accepts USB Key or any user name and password entered manually.

4. On Windows 7/ 2008 Rohos logon key creates “Rohos Logon Key (User)” shortcut that allows regular users to setup and manage USB Key for Windows authentication.

5. USB key redirection into Remote Desktop

Rohos Logon Key allows to setup redirected USB flash drive as a Login Key for Windows Remote Desktop.

On the screenshot “\\tsclient\G” is a USB flash drive connected to client PC. After setting up this USB drive it will contain also portable Rohos components to login into Remote Desktop from any PC with this Key (without installing Rohos on it)

A few notes about Windows Remote Desktop services support

Today In most configurations “Network Level Authentication” option is used on a Windows Terminal Server (TS). It  means after providing credentials in the MS Remote Desktop Connection user login straight into Remote Desktop (without entering credentials at login screen).

In this case you need to use “Allow to login only by USB Key” option in Rohos Logon Key (installed on TS). So NLA will be used anyway but in addition require USB Key in Terminal Server login screen. This will enforce 2-factor authentication principle : Remote Desktop users will be able to provide credentials at RDC and USB Key will be verified also.

If you are Network Administrator you will be able to login into TS by using regular username/password .

Remote Desktop connection passthrough

On Windows 7 / Windows 2008 R2 rohos credential provider support passthrough authentication for Remote Desktop login (based on NLA – Network Level Authentication). Once credentials are authenticated via NLA it will be used by Rohos.

To enable this feature: Open Rohos Logon Key > Options > More > and enable “Enable authentication filter”.

Windows 7 / 2008 logon screen editor

Now Rohos Logon allows to edit logon screen picture (background) and user icons.

The list of options you can customize on Windows 7 logon screen by Rohos:

  • Hide Rohos Logon Key icon
  • Change the picture of Rohos Logon Key icon
  • Hide any user icon or just a single icon
  • Change background picture of logon screen

Download Rohos Logon Key release with this improvements.

Credentials Prompt of RDP 6.0 and login with USB Key

Microsoft Remote Desktop Connection 6.0 (on Windows Vista\Seven) by default makes it mandatory for the user to enter user name and password before RDP client can establish connection to the WinSeven/2008 remote server (“ Enter your credentials for <server>. These credentials will be used when you connect to the remote computer” ). This is called “ Network Level Authentication“. If you are going to use USB key you can skip this prompt or disable it.

on vista you will see

As Rohos Logon Key RDC plugin works with the established terminal session this Credentials Prompt may be ignored or disable it by default.

Actually if Rohos Logon is installed locally it could work in this ‘credential prompt’ window:

How to disable RDC Credentials Prompt:

To skip the credentials prompt – choose “Do not attempt authentication” under Authentication options on the Advanced tab, but this option is not set permanently. To permanently skip the additional credential screen , edit the Default.RDP file (My Documents folder) in notepad. Including enablecredsspsupport:i:0 disables the Credentials Security Service Provider for the connection. If you use separate .RDP files for different server, modify each of those .RDP files. Below is the content section of the default.rdp file with enablecredsspsupport:i:0 option included.

authentication level:i:0

prompt for credentials:i:0
negotiate security layer:i:1

Note that this workaround is suggested only if you connect Windows 2000/2003/XP systems because according to Terminal Services Team blog post – “This option does disable the new credential prompting behavior, but it also disables support for Network Level Authentication for Vista (and Longhorn Server) RDP connections; Network Level Authentication requires credentials to be provided by the client before a session is created on the server side.” So if you do connect to Vista over RDP, you’ll not be able to use this option.

Using YubiKey token to log in into Remote Desktop

Hey All,

We would like to announce new release of Rohos Logon Key with YubiKey token support.

Key features:

  1. Doesn’t require to install anything on client computers
  2. Support cross Remote Desktop connections. (RDC via RDC)
  3. Cross platform: Connect to Windows Remote Desktop from Mac or Linux also
  4. Works with Windows Active Directory configurations
  5. Support password update/renewal policies
  6. Allows to quickly Add or disable certain YubiKey tokens for access
  7. Works in Windows 2003/2008 Terminal Servers

What’s new for YubiKey security:

  • Support for remote OTP verification and local OTP decryption
  • Yubikey setup dialog where you can Enter Yubico authentication web site or AES key for OTP decryption

Read more

Login into Web based Remote Desktop with USB key

Rohos Logon Key for remote desktop Rohos Logon Key is the only software that allows to use USB flash drive as a 2-factor security key to access Windows Remote Desktop. It also supports Web Based remote desktop access with USB Key.
Read more