/
I. YubiKey Certificate Enrollment

I. YubiKey Certificate Enrollment

Enrollment

  1. Ensure YubiKey is plugged in.

     Yubikey should be new or set back to defaults

    Ensure Yubikey has default MGMT pin, if not run the following command: 
    ykman piv access change-management-key -m <MGMKEY> -n 010203040506070801020304050607080102030405060708


    or https://support.yubico.com/hc/en-us/articles/360013645480-Resetting-the-Smart-Card-PIV-Application-on-Your-YubiKey


  2. Remote desktop to enroll01.ad.rit.edu
    1. Enter enroll01.ad.rit.edu into the Computer: 
    2. Select Show Options dropdown in the bottom left.
    3. Select the Advanced tab.
    4. Select Settings... from the Connect from anywhere.
    5. Select Use these RD Gateway server settings: and enter "rdgateway.rit.edu" as the Server name. 
    6. Select OK.
    7. Select Connect.
    8. Enter RIT credentials with username MAIN\xxxxxx where "xxxxxx" is your username.
    9. Enter credentials again.
       
  1. Multi-factor with DUO (will do so automatically)


  2. Double-click on the Autoenroll.bat


  3. Enter PIN 123456 when prompted. When complete, the command prompt window will go away.
    1. Note: 123456 is the default Yubikey PIN.

      Change PIN (if default)

  4. Send Ctrl-Alt-Del through RDP (Ctrl-Alt-End) and click on Change a password


  5. Click on Sign-in options and then Smart card


  6. Enter the default PIN and your new PIN

Related content

YubiKey - Unlocking Pin Code
YubiKey - Unlocking Pin Code
More like this
Configuring and using certificates to access ITS servers
Configuring and using certificates to access ITS servers
More like this
II. YubiKey Attestation
II. YubiKey Attestation
Read with this
III. YubiKey Linux SSH Client Configuration
III. YubiKey Linux SSH Client Configuration
More like this
YubiKey Windows SmartCard Troubleshooting
YubiKey Windows SmartCard Troubleshooting
Read with this
Remote Desktop
More like this