Warning: Removal of SMSPasscode needs to happen in proper order. A failure to adhere to the following steps could result in a lockout from those resources. Should a lockout occur a fee is required to have Nerdio reinstate the service to resolve access to those resources.
Warning: You will lose ability to report on user log-in date/times within NAP if SMSPasscode is removed in RDS Environments. This is because the SMSPasscode agent installed on RDSH01 reports to the database on user login, and NAP obtains the login information from that database.
Note: this process is recommended to occur off hours during a maintenance window
Removing SMSPasscode from a Nerdio environment
- Remove the agent from all active RDS hosts and Golden Images
- This step excludes DC01 and RDGW01 - do not process these two instances during the agent uninstall process on other hosts
- Remove the password reset utility from the Remote Desktop Gateway - RDGW01
- All agents should be removed at this point
- Uninstall the SMSPasscode Password reset Utility
- Remove the SMSPasscode back-end service from the Active Directory Controller - DC01
- Uninstall the SMSPasscode software
- Check services on DC01 to ensure all SMSPasscode services are removed
- Attempt a login to an RDS host to ensure multi factor authentication is removed
Note: The mobile number field under Users > Edit or Add User will be for record purposes only after SMSPasscode is removed. The field can be used for that purpose and will no longer implement MFA for the environment. Nerdio strongly recommends the use of a multi factor authentication mechanism to secure resources in Azure.
Comments (0 comments)