I'm setting up a semi-production lab with five Windows Server 2022 machines. They're not connected to a domain and won't ever be, plus they're fully isolated from the internet. Each server has its own local user and local admin accounts. I'm looking for software that can add an extra authentication step where I must input a TOTP code after entering the local credentials. This needs to integrate with the Windows login process. Since these servers don't connect to the internet at all, I need solutions that are offline only. Any suggestions for available software, both paid and preferably free or open-source?
3 Answers
You might want to check out WatchGuard AuthPoint. It offers the functionality you're looking for, but make sure to avoid the cloud features since you need to stay offline.
Another option is Duo Windows Authentication. I’ve rolled it out across about 50 servers, and while it does have an online requirement to set up offline mode initially, it allows you to use TOTP without needing internet after that. Just be cautious with the settings regarding internet connection.
Just to clarify, there’s absolutely no internet access for daily operations on these servers, right?
Out of curiosity, is this enhanced authentication setup primarily for security purposes?

But isn’t WatchGuard primarily cloud-based? I thought it wouldn't fit your needs.