Usb Dongle Via Rdp
Overview : a virtual smart card
I want to remote desktop into B from A. Regular RDP doesn't work because they are on different networks. I there any way to connect them via USB or something and RDP over that? I suspect no, but. USB Redirector solution as USB Network Gate allows USB over Remote Desktop connectivity letting users access local USB devices while working in an RDP session. The software works by sharing a USB port that can be used to connect to any compatible device. USB over Network and USB for Remote Desktop are easy-to-use applications. The main difference between them is that USB for Remote Desktop is designed to work in Terminal Session via RDP or Citrix ICA, whereas USB over Network is a great tool for sharing a USB device over any TCP/IP network, including with virtual machines. Remote Desktop access control benefits: Allows applying 2-factor authentication by user list or AD user group or only for Remote Desktop users. User must provide USB token each time for login; Each generated Key is unique and cannot be duplicated by the user. USB Key can be configured on Terminal Server via Remote Desktop or on local Admin PC. USB Redirector RDP Edition by Incentives Pro is an app that will definitely help you do this quickly and easily. The software is one of the best remote desktop USB redirection solutions for working in the virtual environment in the single-user mode. The app supports various Windows OS versions, including Windows 10, Windows 2016 Server and more.
EIDVirtual is a solution to make an USB KEY be recognized as a virtual smart card in the device manager. It can then be used to login with EIDAuthenticate or Active Directory.
Requirements
- Windows XP or Windows 2003 or later.
- An USB Key or memory card
Demo
Use cases
This software has been designed for administrators or developers which needs to test processes or some compatibility with smart cards on Windows. The emulation provided is compatible with all smart card scenarios (login on Active Directory or EIDAuthenticate, Radius / VPN / Wifi EAP-TLS authentication, SSL authentication, S/MIME, EFS, Bitlocker, …). As a consequence, it can be used as a fail over mechanism when you need smart cards immediately. The smart card emulation is also compatible with Remote Desktop and recognized by any computer having EIDVirtual installed.
Secure Design
EIDVirtual as been carefully design to protect private keys and the PIN. Private data are encrypted twice : first using an USB Key fingerprint and second using a PIN derivate. Computation are made into the UMDF host process isolated from all other processes.
FAQ
- Can the private key be exported ? There is NO API to export the private keys
- Can the token be copied ? The token is encrypted using the token fingerprint, including the serial number if available, which can’t be copied. The copy of the token will not be recognized.
- How PIN failure is handled ? The failed authentication attempts are limited to 3, like a real smart card. After one hour, the counter is reseted.
- What is the key size ? It is the same than the AES provider: RSA Key length – Can be set, 384 bits to 16,384 bits in 8-bit increments.
However, this software solution DO NOT perform hardware protection like :
- Physical isolation from the host CPU
- Physical destruction of the private keys
- Physical PIN enforcement
Rohos Logon Key 2-FA software secures your Terminal Server and allows logging in into Remote Desktop by using a password + hardware USB token.
Rohos Logon Key supports a variety of authentication devices
including OTP technology and offers flexible 2-factor authentication
control.
How it works
Rohos Logon Key
integrates into Windows Terminal Services login screen. It works by adding two-factor authentication level to existing authentication infrastructure. After applying 2-FA policy users can log into Remote Desktop session only by using an additional security device.
Remote Desktop access control benefits:
- Allows applying 2-factor authentication by user list or AD user group or only for Remote Desktop users.
- User must provide USB token each time for login
- Each generated Key is unique and cannot be duplicated by the user.
- USB Key can be configured on Terminal Server via Remote Desktop or on local Admin PC.
- You don’t need to install Rohos on a client PC/device you log in from.
- You can use PKCS#11 tokens of different vendors at the same time.
Higher security level with two-factor authentication variety:
- User login + USB key like SafeNet, eToken, iKey, ePass and any other PKCS#11 enabled.
- User login + USB flash drive.
- Only encrypted password is stored on USB token.
- Any type of One-Time-Password security: by Google Authenticator, YubiKey, SMS authentication or classic OTP tokens.
Read next to find out how to configure it.
Usb Dongle Via Rdp Windows 10
2-Factor authentication variety and supported security devices
In order to try Remote Desktop login by USB key you can download 15-day trial version Rohos Logon Key. Download
You should have Windows 2003-2016 Server as your Terminal Server computer to try it.
Before you start please review the type of 2-factor authentication:
The type of authentication into Terminal Server | The type of authentication device | Installing Rohos Logon Key on a client PC and/or Server: | |
Client Windows XP-10 | Terminal Server Windows 2003-2016 | ||
1) 2-factor authentication. Physical Key + Windows password (NLA). | USB tokens like eToken, iKey etc (PKCS#11) Smart-card JavaCard OTP, SMS, Yubikey or Google Auth. USB flash drive* | – | + |
2) Just a Physical Key (or a key with PIN code) | USB flash drive USB tokens (PKCS#11) Java-Card, Mifare 1K | + | + |
3) Key is used only on the client side for fast and convenient login. Terminal Server does not check USB key. | Any type of Key | + | – |
* If you are using USB flash drive as a key device: Administrator needs to install Rohos Management Tools or Rohos Logon key on a local PC.
* Setting up 2-FA by using One-Time-Password technology>
The list of supported security devices: Chromecast screenshare for mac.
- Smart-card Java-Card, RFID card Mifare 1K/4K
- Any PKCS11 tokens: SafeNet eToken, Securetoken ST3/4, senseLock
trueToken, RuToken, uaToken, iKey, ePass, Crypto Identity. Different
token models/vendors can be used at the same time. - OTP tokens, Google Authenticator for example or YubiKey, authentication by using SMS.
- Regular USB Flash drives.
How to configure USB tokens
1. Install Rohos Logon Key on the Terminal Server
2. Install Rohos Management Tools or Rohos Logon key on administrator’s computer.
3. Configuring USB tokens for authentication :
On the MS RDC connection settings specify to redirect local USB Drive or Smart-card reader to your Remote Desktop.
Usb Dongle Device
On the Remote Desktop open Rohos Logon Key.
Click on “Setup USB Key” button. Redirected USB Key will be detected. Enter your Windows password and click Setup.
Launching Users and keys command, you can see the list of users whom you have prepared the keys.
– After that your USB Key is ready for login. You may close the TS session and try to log in with the USB Key.
(A note about USB flash drive: “Rohos Logon Key (RDC setup).exe” file will be copied on USB drive automatically after setup. This is a portable Rohos component that allows to use this key on any PC without installing Rohos Logon Key. Read below about using it.)
4. Apply 2-factor authentication
Open Rohos Logon Key > Options > Allow logging in only by using USB key → For listed users or for Remote Desktop login. It increases the security by disabling the authentication without USB key.
The possible choices are:
- None
All users will be able to login by manual password entry as well as by using USB Key. Is not recommended for Terminal server. - For any user
This is the same as previous option “Allow login only by USB Key”. All users will be required to use USB Key in order to login. - For listed users
Only users from a list will be required to use USB Key for login. Any other user will be able to login by a password. The list is created automatically when a USB Key is created for a user. Please look at Users and Keys dialog box chapter. - For ‘rohos’ user group in Active Directory
Each user from ‘rohos’ group will be forced to use USB Key authentication. Rohos will check the user for a ‘rohos’ group membership and will allow logging in by password if the user does not belong to a ‘rohos’ group.
Please note: ‘rohos’ user group should be created by AD Administrator. - For Remote desktop login
Local users can log in with and without USB key. Remote login will be possible only with USB key. - For Remote desktop login outside LAN
Remote desktop login inside LAN will be possible with and without USB key. Only users, who came through the dial-up, DSL connection, and from other networks, will be ought to use USB keys.
Remote Desktop connection by USB token
Ensure you have installed Rohos Logon Key on the client PC or launched Rohos Logon key portable app from USB flash drive.
Remote Desktop Connection Credential prompt
User needs to provide a valid login and password on this step. Authentication key can also be used here (it should be configured only with Rohos USB Key Manager).
Rohos Logon Key check 2FA authentication policy and verify connected authentication Key while connecting to Remote Desktop:
Portable Rohos Logon Key
If you have decided to use USB flash drive and first variant of authentication. You don’t need to install Rohos Logon key on every workstation. Only this portable application needs to be installed for free. Sometimes it allows you even to configure new USB keys from such workstation. But in some systems it is not possible, so, you have to install the Rohos Logon key on both computers to create a new key.
You can also find it in the USB key manager application there is an additional option, that provides to copy Rohos Remote Login to USB-drive. Use the Remote Desktop button in USB key manager for it.
Bluetooth Usb Dongle Free Download
A user should run once Logon Key (RDP setup) application on any client PC with Windows 7/8. After that he must launch Remote Desktop application.
Licenses of Rohos Logon Key application for Remote desktop connection
- Rohos Server license is required for each Terminal Server PC with Rohos Logon Key, Windows 2003, 2008, 2012 with RDC access.
- For workstations with RDC access (other Windows versions) – PRO license.
- If you are installing Rohos Logon Key on the local PCs (for 2/3 authentication type) – you need a personal license for each PC.