Product manual
7.2 Usage
The operation of the Remote Desktop Protection module can be verified as follows:
1. A domain user that has ESA 2FA enabled in the ADUC management tool is required for testing. This user must be added as an
allowed Remote Desktop user on the remote computer.
2. A computer that has Remote Desktop Access enabled is also required.
3. Connect to the remote computer using a Remote Desktop client, and authenticate as normal using the Active Directory
credentials of the test user.
4. The OTP prompt screen should now appear, as per the figure below.
a. If the user is enabled for SMS OTPs, an SMS will be sent containing an OTP that may be entered to authenticate.
b. If the user has installed the ESA mobile application on their phone, it may be used to generate an OTP to authenticate.
OTPs are displayed in the mobile application with a space between the 3rd and 4th digits in order to improve
readability. The Remote Desktop Protection module strips whitespace, so a user may include or exclude whitespace
when entering an OTP without affecting authentication.
5. If a valid OTP is entered, then the user will be granted access to the computer they attempted to connect to.
6. If an invalid OTP is entered, then an error message will be displayed and the user will not be allowed access to the remote
computer.
8. Hard Tokens
A hard token is a device that generates an OTP and can be used in conjunction with a password as an electronic key to access
something. Hard tokens come in many different device types: for example, a key fob that can be clipped onto a keyring, or a
credit card form that can be stored in a wallet.
ESA supports all OATH compliant HOTP hard tokens, but ESET does not supply them. The hard token HOTPs can be used in the same
way as the OTPs generated by the mobile app or sent to the user via SMS. Scenarios where this may be useful include supporting
legacy token migration, meeting compliance requirements, or fitting company policy. Note that OATH TOTPs (time-based OTPs) are
not supported.
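The following added example (not ESET's code, and not taken from this manual) shows how a server can verify an OATH HOTP as specified in RFC 4226, with the whitespace stripping described in section 7.2 applied before comparison. The function names, the look-ahead window and the sample secret (the RFC 4226 test key) are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Constructed sample secret: the RFC 4226 Appendix D test key, not a real token seed.
SAMPLE_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Compute the RFC 4226 HOTP value for one counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def normalize_otp(entered: str) -> str:
    """Drop all whitespace, so '755 224' and '755224' are the same input."""
    return "".join(entered.split())


def verify_hotp(secret, entered, counter, window=3, digits=6):
    """Return the next counter to store on success, or None on failure.

    The look-ahead `window` (an assumption here, from RFC 4226 section 7.4)
    tolerates button presses on the token that never reached the server.
    """
    candidate = normalize_otp(entered)
    if len(candidate) != digits or not (candidate.isascii() and candidate.isdigit()):
        return None
    matched = None
    for c in range(counter, counter + window + 1):
        # Constant-time comparison; keep scanning so timing does not reveal the offset.
        if hmac.compare_digest(hotp(secret, c, digits), candidate) and matched is None:
            matched = c
    # Advancing past the matched counter makes the same OTP unusable again.
    return None if matched is None else matched + 1
```

Storing the returned counter after each success is what rejects a replayed OTP; keeping the window small limits how many values are valid at any one time.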