I. YubiKey Certificate Enrollment

Enrollment

1. Ensure YubiKey is plugged in.

    Yubikey should be new or set back to defaults

   Ensure Yubikey has default MGMT pin, if not run the following command: 
   ykman piv access change-management-key -m <MGMKEY> -n 010203040506070801020304050607080102030405060708

   
   

   or https://support.yubico.com/hc/en-us/articles/360013645480-Resetting-the-Smart-Card-PIV-Application-on-Your-YubiKey

   
   
2. Remote desktop to enroll01.ad.rit.edu
   1. Enter enroll01.ad.rit.edu into the Computer: 
      
   2. Select Show Options dropdown in the bottom left.
   3. Select the Advanced tab.
   4. Select Settings... from the Connect from anywhere.
      
   5. Select Use these RD Gateway server settings: and enter "rdgateway.rit.edu" as the Server name. 
      
   6. Select OK.
   7. Select Connect.
   8. Enter RIT credentials with username MAIN\xxxxxx where "xxxxxx" is your username.
   9. Enter credentials again.
       

1. Multi-factor with DUO (will do so automatically)
   
   
   

2. Double-click on the Autoenroll.bat
   
   
   
3. Enter PIN 123456 when prompted. When complete, the command prompt window will go away.
   
   1. Note: 123456 is the default Yubikey PIN.
      
      

      Change PIN (if default)

4. Send Ctrl-Alt-Del through RDP (Ctrl-Alt-End) and click on Change a password
   
   
   
5. Click on Sign-in options and then Smart card
   
   
   
6. Enter the default PIN and your new PIN