School Academy

Azure Multi Factor Authentication: Delegating Administration

Submitted by: Rossy Guide

For full multi-factor authentication functionality, Microsoft's Azure Multi-Factor Authentication is the product of choice.

Delegating Administration of the server:

When we want to delegate access to admins, we delegate four things.

1. Allowing interactive logon to administrators

Allowing interactive access: Administrators need Remote Desktop access to the Windows Server, and then the rights to open the Multi-Factor Authentication Server management console.

One way to do this is to add the global security group PhoneFactor Admins to the local Administrators group by applying a Group Policy Preference to a separate Organizational Unit containing all the Windows Servers running Multi-Factor Authentication Server.

Alternatively, you could perform this by hand:

o Log on to the Windows Server running Multi-Factor Authentication Server with an account with sufficient permissions to change local group memberships.

o Right-click Start.

o Select Computer Management from the context menu.

o In the left navigation pane of the Computer Management window, expand Local Users and Groups.

o Click Groups.

o In the main pane, click to select the Administrators group.

o Right-click the group and then select Add to group from the context menu.

o On the Administrators Properties window, click Add.

o Enter the name of the PhoneFactor Admins group and click Check Names.

o Click OK.

o On the Administrators Properties window, click OK.

o Close the Computer Management window.

o Log off.

Perform these steps on all the Windows Servers running Multi-Factor Authentication Server within the environment.

Adding admin colleagues to the PhoneFactor Admins group:

Now, all you need to do is add your colleague admins to the PhoneFactor Admins group in Active Directory Domain Services.

2. Allowing log access

Log on interactively to the Windows Server running Multi-Factor Authentication Server and perform these actions:

o Open File Explorer using the This PC tile on the Start screen.

o Navigate to Local Disk (C:), then Program Files, then Multi-Factor Authentication Server.

o Scroll down a bit in File Explorer's main pane, right-click the Logs folder, and select Properties from the bottom of the context menu.

o Click the Security tab.

o Click the Edit button.

o On the Permissions for Logs window, click Add.

o Type the name of the group you want to grant access to, and then click Check Names.

o Click OK.

o On the Permissions for Logs window, click OK.

o On the Logs Properties window, click the Sharing tab.

o Click the Advanced Sharing button.

o Select Share this folder.

o Give the share an appropriate name and add a $ to the end of it to hide it from other Windows-based devices.

o Click OK.

o On the Logs Properties window, click Close.

o Close File Explorer.

o Log off.
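
Steps 1 and 2 can also be scripted. The PowerShell below is an added example, not part of the original article; it assumes Windows PowerShell 5.1 running elevated on the Multi-Factor Authentication Server, and the domain CONTOSO, the group MFA Log Readers and the share name MFALogs$ are placeholders. The article does not state a permission level, so the example assumes read-only access and limits the share to the same group.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted form of steps 1 and 2. Names marked "assumed" are placeholders.
$ErrorActionPreference = 'Stop'

$Domain     = 'CONTOSO'                     # assumed domain name
$AdminGroup = "$Domain\PhoneFactor Admins"  # group named in the article
$LogReaders = "$Domain\MFA Log Readers"     # assumed group that should read the logs
$LogsPath   = 'C:\Program Files\Multi-Factor Authentication Server\Logs'
$ShareName  = 'MFALogs$'                    # assumed name; the trailing $ hides the share
$AdminsSid  = 'S-1-5-32-544'                # well-known SID of the local Administrators group

# Step 1: add PhoneFactor Admins to local Administrators, only if not already a member.
$current = Get-LocalGroupMember -SID $AdminsSid | Select-Object -ExpandProperty Name
if ($current -notcontains $AdminGroup) {
    Add-LocalGroupMember -SID $AdminsSid -Member $AdminGroup
}

# Step 2a: grant the log-reader group read access on the Logs folder (NTFS),
# inherited by subfolders and files.
$acl  = Get-Acl -Path $LogsPath
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $LogReaders, 'ReadAndExecute', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $LogsPath -AclObject $acl

# Step 2b: publish the folder as a hidden share, readable by that group only.
if (-not (Get-SmbShare -Name $ShareName -ErrorAction SilentlyContinue)) {
    New-SmbShare -Name $ShareName -Path $LogsPath -ReadAccess $LogReaders | Out-Null
}

# Review the result: membership, NTFS entry, share permissions.
Get-LocalGroupMember -SID $AdminsSid | Where-Object { $_.Name -eq $AdminGroup }
(Get-Acl -Path $LogsPath).Access |
    Where-Object { $_.IdentityReference.Value -eq $LogReaders } |
    Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited
Get-SmbShareAccess -Name $ShareName
```

The three commands at the end are also a quick way to audit each server later, since any account listed there beyond the intended groups can reach the console or the logs.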

3. Delegating user and authentication management

Perform these steps to delegate management via the Multi-Factor Authentication User Portal:

o Log on to the Windows Server running Multi-Factor Authentication Server with an account with sufficient permissions to manage Multi-Factor Authentication.

o Open the Multi-Factor Authentication Server management console.

o In the left pane, click User Portal.

o Click the Administrators tab.

o Click the Add button.

o In the Username field, type the name of the colleague, or use the Select User button to select the user object from the Multi-Factor Authentication database.

o Select the appropriate permissions from the two lists of delegated management options.

o Click Add.

o Close the Multi-Factor Authentication Server management console.

o Log off.

4. Delegating notifications

Here are the steps:

o Log on to the Windows Server running Multi-Factor Authentication Server with an account with sufficient permissions.

o Open the Multi-Factor Authentication Server management console.

o In the left pane, click Email.

o In the main pane, select Send notifications to User Portal administrators with the Receive Notifications permission if it is not already selected.

o In the Send notifications to these email addresses field, add email addresses for the additional users who should receive notifications.

o Close the Multi-Factor Authentication Server management console.

o Log off.

Source:

isnare.com

Permanent Link:

isnare.com/?aid=1941677&ca=Computers+and+Technology