Challenge Users
Defines the users that Authentication Agent challenges for RSA SecurID credentials. You can challenge all users, all users except those in a specified group, only users in a specified group, or no users. You can specify whether or not to send the domain name and user name to RSA Authentication Manager instead of just the user name.
Note: If you challenge only users in a specified group or all users except those in a specified group, you must enter the name of the group in the Group name field. Enter the group name in the format
| Registry Hive | HKEY_LOCAL_MACHINE |
| Registry Path | SOFTWARE\Policies\RSA\RSA Desktop\Local Authentication Settings |
| Value Name | EnableChallenge |
| Value Type | REG_DWORD |
| Value | 1 |
| Registry Hive | HKEY_LOCAL_MACHINE |
| Registry Path | SOFTWARE\Policies\RSA\RSA Desktop\Local Authentication Settings |
| Value Name | EnableChallenge |
| Value Type | REG_DWORD |
| Value | 0 |
Select the users to challenge.
- Off
Registry Hive HKEY_LOCAL_MACHINE Registry Path SOFTWARE\Policies\RSA\RSA Desktop\Local Authentication Settings Value Name ChallengeMode Value Type REG_DWORD Value 0 - Users in
Registry Hive HKEY_LOCAL_MACHINE Registry Path SOFTWARE\Policies\RSA\RSA Desktop\Local Authentication Settings Value Name ChallengeMode Value Type REG_DWORD Value 1 - All users
Registry Hive HKEY_LOCAL_MACHINE Registry Path SOFTWARE\Policies\RSA\RSA Desktop\Local Authentication Settings Value Name ChallengeMode Value Type REG_DWORD Value 2 - All users except
Registry Hive HKEY_LOCAL_MACHINE Registry Path SOFTWARE\Policies\RSA\RSA Desktop\Local Authentication Settings Value Name ChallengeMode Value Type REG_DWORD Value 3
Enter the name of the challenge group in the format
<domain name or machine name>\<group name>.
For example: CORP\SecurID Users
| Registry Hive | HKEY_LOCAL_MACHINE |
| Registry Path | SOFTWARE\Policies\RSA\RSA Desktop\Local Authentication Settings |
| Value Name | ChallengeGroup |
| Value Type | REG_SZ |
| Default Value |
Send Domain and User Name to Authentication Manager| Registry Hive | HKEY_LOCAL_MACHINE |
| Registry Path | SOFTWARE\Policies\RSA\RSA Desktop\Local Authentication Settings |
| Value Name | SendDomainName |
| Value Type | REG_DWORD |
| Default Value | 0 |
| True Value | 1 |
| False Value | 0 |
rsa_authentication_agent.admx
- RSA Desktop
- Common Settings
- Credential Provider Filter Settings
- Exclude all third-party Credential Providers
- Exclude the Microsoft Password Credential Provider
- Exclude the Microsoft Picture Password Credential Provider
- Exclude the Microsoft PIN Logon Credential Provider
- Exclude the Microsoft Smart Card Credential Provider
- Exclude the Microsoft WLID (Windows Live ID) Credential Provider
- Exclude the RSA SecurID Credential Provider for connected authenticators
- Exclude the RSA SecurID Credential Provider for disconnected authenticators
- Exclude the RSA Smart Card Credential Provider
- GINA Settings
- Local Authentication Settings
- Cache Challenge Settings
- Challenge Users
- Label for the Local Authentication Prompt
- Logon with credentials from remote applications
- Offline Authentication Service
- Remote Desktop Connection applications
- Reserve Password
- RSA Credential Provider tile image
- Synchronize User Passwords
- Unlock with RSA SecurID PIN or Windows Password