How do I disable two-factor authentication in Endpoint Central?

User/Administrator cannot access Authenticator?

The user/administrator can contact other users with administrator privileges to restore two-factor authentication using  Authenticator. Administrators can regenerate the QR code via e-mail from Admin tab -> User Administration -> Actions (Under the appropriate user) -> Regenerate QR Code.

How to disable two-factor authentication if there are no other administrators available or email server is unreachable?

Follow the below steps to disable the two-factor authentication.

These steps are applicable only from Endpoint Central build version #10.1.2138.7
1. If user wants to disable TFA temporarily when there is a temporary mail server issue:

  • Go to Services.msc and stop your ManageEngine Endpoint Central Server service.
  • Open a command prompt in administrator mode, navigate to <Install_Dir>\DesktopCentral_Server\bin directory and execute disableTFA.bat with argument TempDisable. example disableTFA.bat <space> TempDisable
  • Enter administrator username and password.
  • Now the TFA will be disabled and TFA Enforcement will be added with a grace period of 2 days.
  • Start the ManageEngine Endpoint Central Server service from Services.

2. If user wants to disable TFA permanently:

  • Follow the previous steps to disable TFA temporarily.
  • There will be a User Interface request for permanent exclusion of TFA , you may choose to select that. 

If Endpoint Central build version is less than  #10.1.2138.7

  • From the machine in which your Endpoint Central server is running, navigate to services.msc and stop your Endpoint Central Server service.
  • Using command prompt in administrator mode, navigate to <Install_Dir>\DesktopCentral_Server\bin directory and execute ExecuteQuery.bat disable2FA.xml.
  • Start Endpoint Central server service from services.msc.
  • Now login to the Endpoint Central web console using a different browser to avoid any cache issues.

Note: Following the above steps will disable two-factor authentication for all the Endpoint Central users. However, You can enable it again by navigating to Admin Tab -> User Administration -> Secure Authentication -> Enable Two-Factor Authentication.