Automatic Windows Logon and RDP Connector Deployment
The LoginTC Windows Logon and RDP Connector adds MFA to Windows clients and servers. Windows administrators can distribute the software using Group Policy Objects (GPOs).
Download the latest LoginTC Windows Logon and RDP Connector:
https://www.logintc.com/docs/downloads/windows-logon-and-rdp-connector/
Download Windows SDK ISO:
https://developer.microsoft.com/en-us/windows/downloads/windows-sdk/
Mount the Windows SDK ISO with Explorer and open the directory Installers.
Find and install Orca-x86_en-us.msi.
Open the Orca application.
Click File in the menu bar and then click Open. Navigate to and select the downloaded LoginTC Windows Logon and RDP Connector.

Click Property in the left panel

Right-click in the right panel and select Add Row

Create and add the following properties and their values
For more information on each property see:
https://www.logintc.com/docs/connectors/windows-rdp-logon/#command-line-installation
Property | Explanation | Value (Example) |
CONFLOGINTCAPIHOST | The LoginTC API host | cloud.logintc.com |
CONFLOGINTCAPPLICATIONID | The 40-character Application ID (found in the Admin Panel) | 5de7c5b82a6972... |
CONFLOGINTCAPPLICATIONAPIKEY | The 64-character Application API Key (found in the Admin Panel) | 5R2EgzXBOHx3RN... |
CONFENABLERDP | 1 to enable LoginTC for remote (RDP) logins (or 0 to disable) | 1 |
CONFENABLECONSOLE | 1 to enable LoginTC for console logins (or 0 to disable) | 0 |
CONFENABLEUAC | 1 to enable LoginTC for UAC (or 0 to disable) | 0 |
CONFCHALLENGEGROUPS | (Optional) Groups whose members will be challenged. | RemoteMFAUsers |
CONFBYPASSGROUPS | (Optional) Groups whose members will be bypassed. | RemoteMFAUsers |
CONFCHALLENGEUSERS | (Optional) Users who will be challenged. | *\support |
CONFBYPASSUSERS | (Optional) Users who will be bypassed. | *\support |
An example is shown

Open File in the menu bar and click Save to save the file

Create a shared folder on the Domain Controller server. Right-click the folder, select Give access to and click Specific people...

Type Domain Computers in the search box, and then give the Domain Computers account read permissions and click Share

Note down the share address. In this example it is “\\WIN-0KPAHIAMED5\Share”

Copy the modified LoginTC Windows Logon and RDP Connector file to the network share you just created.
Launch Group Policy Management from the Start Menu. If it is not installed, open Server Manager, go to the Features tab on the left-hand side, and click Add Features in the pane on the right. Check the box labeled Group Policy Management in the new window, and then click through the next few screens. Once it is installed, open it from the Start Menu as described above.
Navigate to Forest: YOURDOMAIN --> Domains --> YOURDOMAIN --> Group Policy Objects

Type in a name for the GPO and press OK

Once the new GPO is created, it will show up under the Group Policy Objects folder. Click on the new GPO with the assigned name.
In the right panel on the bottom, there is a box that says Security Filtering. Click on and remove the Authenticated Users entry.

Click Add

For deployments to specific computers, add all of the computer names the software should be deployed on. Otherwise, for all computers, add the group Domain Computers. Click Check Names and then press OK.
NOTE: We recommend testing on a small set of computers prior to general deployment.

Go back up to the YOURDOMAIN folder (in the navigation pane) and right-click it. Click Link an existing GPO...

Select the new GPO and click OK.
Now go back to the GPO under Group Policy Objects folder, and right-click it. Click on Edit...

A new window will open. Navigate to Computer Configuration --> Policies --> Software Settings --> Software installation.

Right-click inside the empty pane on the right and go to New... > Package.

In the new window that pops up, navigate to the share that you created earlier by typing its address into the address bar at the top. In our case, it is “\\WIN-0KPAHIAMED5\Share”. Click the arrow button beside the address bar.

Select the modified windows-logon-connector you copied into the network share earlier and click Open.

Select the Assigned checkbox and then click OK.

That is all. Close all the windows and restart the destination computer where you want to automatically install windows-logon-connector.
When you restart the destination computer, you will see something like the following. After the installation is complete, the computer will automatically perform another restart.
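To confirm what was saved from Orca before the MSI goes onto the share, the Property table can be read back with the Windows Installer COM object. This is an added example, not LoginTC's code; it assumes every property the table above does not mark optional is required, and it masks the API key because the value sits in the MSI in clear text.

```powershell
# Added example (not LoginTC code): read the Property table of the edited MSI
# and check the values set in Orca. Run on Windows; -MsiPath is the saved file.
param([Parameter(Mandatory)][string]$MsiPath)

# The Windows Installer COM object is late-bound, so call it through InvokeMember.
function Invoke-Com($obj, $name, $argv = @(), $kind = 'InvokeMethod') {
    $obj.GetType().InvokeMember($name, $kind, $null, $obj, $argv)
}

$installer = New-Object -ComObject WindowsInstaller.Installer
$db   = Invoke-Com $installer 'OpenDatabase' @((Resolve-Path $MsiPath).Path, 0)  # 0 = read-only
$view = Invoke-Com $db 'OpenView' @('SELECT `Property`, `Value` FROM `Property`')
Invoke-Com $view 'Execute' | Out-Null

# Collect every Property/Value row into a hashtable.
$props = @{}
while ($rec = Invoke-Com $view 'Fetch') {
    $key = Invoke-Com $rec 'StringData' @(1) 'GetProperty'
    $props[$key] = Invoke-Com $rec 'StringData' @(2) 'GetProperty'
}
Invoke-Com $view 'Close' | Out-Null

# Checks taken from the property table: host present, ID and key lengths, 0/1 flags.
$problems = @()
if (-not $props['CONFLOGINTCAPIHOST']) { $problems += 'CONFLOGINTCAPIHOST is missing' }
if (([string]$props['CONFLOGINTCAPPLICATIONID']).Length -ne 40) {
    $problems += 'CONFLOGINTCAPPLICATIONID is not 40 characters'
}
if (([string]$props['CONFLOGINTCAPPLICATIONAPIKEY']).Length -ne 64) {
    $problems += 'CONFLOGINTCAPPLICATIONAPIKEY is not 64 characters'
}
foreach ($flag in 'CONFENABLERDP', 'CONFENABLECONSOLE', 'CONFENABLEUAC') {
    if ($props[$flag] -notin '0', '1') { $problems += "$flag must be 0 or 1" }
}

# Print the LoginTC properties; mask the API key so it does not land in logs.
$props.GetEnumerator() | Where-Object { $_.Key -like 'CONF*' } | Sort-Object Key | ForEach-Object {
    $shown = if ($_.Key -eq 'CONFLOGINTCAPPLICATIONAPIKEY') { '*' * 8 } else { $_.Value }
    '{0} = {1}' -f $_.Key, $shown
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ }; exit 1 }
'Property table matches the documented format.'
```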
