# Disabling two-factor authentication

## How do I disable two-factor authentication in Endpoint Central when User/Administrator cannot access Authenticator?

The user/administrator can contact other users with administrator privileges to restore two-factor authentication using Authenticator. Administrators can regenerate the QR code via e-mail from **Admin tab -> User Administration -> Actions** (under the appropriate user) -> **Regenerate QR Code.** Then, proceed to open the respective authenticator app to receive the new QR code that has been generated.

![Navigating to Users tab under Admin](https://www.manageengine.com/products/desktop-central/images/admin-user-tab-navigation.png)

![](https://www.manageengine.com/products/desktop-central/help/images/regenerate-qr-code.png)

## How to disable two-factor authentication if there are no other administrators available or email server is unreachable?

Follow the below steps to disable the two-factor authentication.

*These steps are applicable only from **Endpoint Central build version #10.1.2138.7***

### 1. If user wants to disable TFA temporarily when there is a temporary mail server issue:

- Go to **Services.msc** and stop your ManageEngine Endpoint Central Server service.

![Opening services.msc](https://www.manageengine.com/products/desktop-central/images/disabling-two-factor-authentication-2.png)

![Stopping Endpoint Central Server](https://www.manageengine.com/products/desktop-central/images/disabling-two-factor-authentication-3.png)

- Open a command prompt in administrator mode, navigate to `<Install_Dir>\UEMS_CentralServer\bin` directory and execute `disableTFA.bat` with argument `TempDisable`.

Example:

```
disableTFA.bat TempDisable
```

![Navigating to Endpoint Central Server Bin directory](https://www.manageengine.com/products/desktop-central/images/disabling-two-factor-authentication-4.png)

![Running disableTFA.bat](https://www.manageengine.com/products/desktop-central/images/disabling-two-factor-authentication-5.png)

- Enter administrator **username** and **password**.
- Enter Domain name if you are an Active Directory (AD) user or press Enter if local user.

![Entering Domain Name of AD user](https://www.manageengine.com/products/desktop-central/images/disabling-two-factor-authentication-7.png)

- Now the TFA will be disabled and TFA Enforcement will be added with a grace period of 2 days.
- Start the ManageEngine Endpoint Central Server service from Services.

### 2. If user wants to disable TFA permanently:

- Follow the previous steps to disable TFA temporarily.
- There will be a User Interface request for permanent exclusion of TFA; you may choose to select that.

---

*If **Endpoint Central build version is less than #10.1.2138.7***

- From the machine in which your Endpoint Central server is running, navigate to `services.msc` and **stop your Endpoint Central Server service.**

![Opening services.msc](https://www.manageengine.com/products/desktop-central/images/disabling-two-factor-authentication-2.png)

![Stopping Endpoint Central Server](https://www.manageengine.com/products/desktop-central/images/disabling-two-factor-authentication-3.png)

- Using command prompt in administrator mode, navigate to `<Install_Dir>\DesktopCentral_Server\bin` directory and execute:

```
ExecuteQuery.bat disable2FA.xml
```

![Disabeling TFA in the Central Server Directory](https://www.manageengine.com/products/desktop-central/images/disable-tfa.png)

- **Start Endpoint Central server** service from `services.msc`.
- Now login to the Endpoint Central web console using a different browser to avoid any cache issues.

**Note:** Following the above steps will disable two-factor authentication for all the Endpoint Central users. However, you can enable it again by navigating to **Admin Tab -> User Administration -> Secure Authentication -> Enable Two-Factor Authentication.**

![Enabling Two Factor Authentication in console](https://www.manageengine.com/products/desktop-central/images/tfa-enable-console-navigation.png)