What is the best practice for using AuthAnvil Two-Factor Auth (2FA) to secure computers that are not part of a Domain?

Many networks have computers that, for one reason or another, are not members of the domain. These might be web or mail servers in the DMZ, servers in the datacenter, or in our case, the QA department’s test servers and workstations. Just because a machine isn't a member of the domain doesn't mean that it doesn't need to be protected, and AuthAnvil can protect it.

Helping to make life simple, AuthAnvil doesn't care whether a system is domain-joined or not. All that it’s concerned about is that the username that you are trying to log in using exists on both the machine that you're trying to log onto, and in AuthAnvil.

Our best practice for dealing with this scenario is to create a grouped user in AuthAnvil that matches a user that exists on the server. (Or create a new one expressly for this purpose). This way, you can make anyone who needs access to the server a member of the grouped user.

If you want, you can set up different grouped users for each machine and control access that way, use the same one across all of them, or use any mix that works for you. 

In addition, you can set an Override Password or a local Override Group to control access for users who don't need to use a token to log in. Both the Override Password and Override Group can be configured using the AuthAnvil Logon Config control panel applet in control panel.

Remember, just because it’s not domain joined, that doesn't mean that it doesn't need to be protected.


If you have any questions or need some help, we would be happy to assist. Open a case at help.scorpionsoft.com or send an email to support@scorpionsoft.com.


Have more questions?

Contact us

Was this article helpful?
0 out of 0 found this helpful

Provide feedback for the Documentation team!

Browse this section