How do I disable two-factor authentication in Endpoint Central?
User/Administrator cannot access Authenticator?
The user/administrator can contact other users with administrator privileges to restore two-factor authentication using Authenticator. Administrators can regenerate the QR code via e-mail from Admin tab -> User Administration -> Actions (Under the appropriate user) -> Regenerate QR Code.
How to disable two-factor authentication if there are no other administrators available or email server is unreachable?
Follow the below steps to disable the two-factor authentication.
These steps are applicable only from Endpoint Central build version #10.1.2138.7
1. If user wants to disable TFA temporarily when there is a temporary mail server issue:
- Go to Services.msc and stop your ManageEngine Endpoint Central Server service.
- Open a command prompt in administrator mode, navigate to <Install_Dir>\DesktopCentral_Server\bin directory and execute disableTFA.bat with argument TempDisable. example disableTFA.bat <space> TempDisable
- Enter administrator username and password.
- Now the TFA will be disabled and TFA Enforcement will be added with a grace period of 2 days.
- Start the ManageEngine Endpoint Central Server service from Services.
2. If user wants to disable TFA permanently:
- Follow the previous steps to disable TFA temporarily.
- There will be a User Interface request for permanent exclusion of TFA , you may choose to select that.
If Endpoint Central build version is less than #10.1.2138.7
- From the machine in which your Endpoint Central server is running, navigate to services.msc and stop your Endpoint Central Server service.
- Using command prompt in administrator mode, navigate to <Install_Dir>\DesktopCentral_Server\bin directory and execute ExecuteQuery.bat disable2FA.xml.
- Start Endpoint Central server service from services.msc.
- Now login to the Endpoint Central web console using a different browser to avoid any cache issues.
Note: Following the above steps will disable two-factor authentication for all the Endpoint Central users. However, You can enable it again by navigating to Admin Tab -> User Administration -> Secure Authentication -> Enable Two-Factor Authentication.