https://live.paloaltonetworks.com/t5/general-topics/globalprotect-windows-negating-disabling-rsa-authentication/m-p/582528#M116499 <P>We use RSA's MFA Agent for Windows authentication.&nbsp; When we install or update GlobalProtect, it disables the MFA Agent at Windows login until we connect at least once via the VPN.&nbsp; It appears it is adding itself as an authentication provider into the Windows Login UI and I suspect it is related to these registry entries below.&nbsp; Has anyone found a way to prevent this during the installation via a command line switch or some other method? It is of course of concern for us as it is a security risk not having RSA enabled.</P> <P>(FYI - this has happened with multiple versions of 6.1.x - latest being 6.1.4 - and we do have connect-before-login enabled for GP)</P> <P>&nbsp;</P> <P><FONT face="courier new,courier" size="2">[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25CA8579-1BD8-469c-B9FC-6AC45A161C18}]</FONT><BR /><FONT face="courier new,courier" size="2">@="PanV2CredProv"</FONT></P> <P><FONT face="courier new,courier" size="2">[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25CA8579-1BD8-469c-B9FC-6AC45A161C18}\InprocServer32]</FONT><BR /><FONT face="courier new,courier" size="2">@="PanV2CredProv.dll"</FONT><BR /><FONT face="courier new,courier" size="2">"ThreadingModel"="Apartment"</FONT></P> <P><FONT face="courier new,courier" size="2">[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{25CA8579-1BD8-469c-B9FC-6AC45A161C18}]</FONT><BR /><FONT face="courier new,courier" size="2">@="PanV2CredProv"</FONT></P> <P>&nbsp;</P> <P>Once we connect the VPN these registry entries are removed.</P> Wed, 03 Apr 2024 16:56:22 GMT TonyDeHart 2024-04-03T16:56:22Z https://live.paloaltonetworks.com/t5/general-topics/globalprotect-windows-negating-disabling-rsa-authentication/m-p/582528#M116499 <P>We use RSA's MFA Agent for Windows authentication.&nbsp; When we install or update GlobalProtect, it disables the MFA Agent at Windows login until we connect at least once via the VPN.&nbsp; It appears it is adding itself as an authentication provider into the Windows Login UI and I suspect it is related to these registry entries below.&nbsp; Has anyone found a way to prevent this during the installation via a command line switch or some other method? It is of course of concern for us as it is a security risk not having RSA enabled.</P> <P>(FYI - this has happened with multiple versions of 6.1.x - latest being 6.1.4 - and we do have connect-before-login enabled for GP)</P> <P>&nbsp;</P> <P><FONT face="courier new,courier" size="2">[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25CA8579-1BD8-469c-B9FC-6AC45A161C18}]</FONT><BR /><FONT face="courier new,courier" size="2">@="PanV2CredProv"</FONT></P> <P><FONT face="courier new,courier" size="2">[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25CA8579-1BD8-469c-B9FC-6AC45A161C18}\InprocServer32]</FONT><BR /><FONT face="courier new,courier" size="2">@="PanV2CredProv.dll"</FONT><BR /><FONT face="courier new,courier" size="2">"ThreadingModel"="Apartment"</FONT></P> <P><FONT face="courier new,courier" size="2">[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{25CA8579-1BD8-469c-B9FC-6AC45A161C18}]</FONT><BR /><FONT face="courier new,courier" size="2">@="PanV2CredProv"</FONT></P> <P>&nbsp;</P> <P>Once we connect the VPN these registry entries are removed.</P> Wed, 03 Apr 2024 16:56:22 GMT https://live.paloaltonetworks.com/t5/general-topics/globalprotect-windows-negating-disabling-rsa-authentication/m-p/582528#M116499 TonyDeHart 2024-04-03T16:56:22Z https://live.paloaltonetworks.com/t5/general-topics/globalprotect-windows-negating-disabling-rsa-authentication/m-p/582541#M116502 <P>I've determined that removing this key and rebooting fixes this issue but WHY does GP add this in the first place and then subsequently remove it <FONT face="courier new,courier">once you've logged in to the VPN at least once?</FONT></P> <P>&nbsp;</P> <P><FONT face="courier new,courier">[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{25CA8579-1BD8-469c-B9FC-6AC45A161C18}]</FONT><BR /><FONT face="courier new,courier">@="PanV2CredProv"</FONT></P> Wed, 03 Apr 2024 18:10:37 GMT https://live.paloaltonetworks.com/t5/general-topics/globalprotect-windows-negating-disabling-rsa-authentication/m-p/582541#M116502 TonyDeHart 2024-04-03T18:10:37Z https://live.paloaltonetworks.com/t5/general-topics/globalprotect-windows-negating-disabling-rsa-authentication/m-p/583033#M116561 <P>When GlobalProtect connects to the firewall for the first time with proper credentials, it removes the registry keys in the original post.&nbsp; Anyone have any idea why it adds them and if there is a way to stop it?</P> Tue, 09 Apr 2024 12:00:12 GMT https://live.paloaltonetworks.com/t5/general-topics/globalprotect-windows-negating-disabling-rsa-authentication/m-p/583033#M116561 TonyDeHart 2024-04-09T12:00:12Z