This article applies to PRTG Network Monitor 14.x.11 or later
Defining the Time until Re-Authentication is Required on Administration Pages
Among various security enhancements that come with PRTG version 14.x.11 and 14.x.12, one security improvement is the required re-authentication on administrative pages in the PRTG web interface. If you as the PRTG System Administrator use subpages of Setup | Account Settings or Setup | System Administration, PRTG requires that the last credential based login was less than 15 minutes (900 seconds) ago. If more time has passed since then, you have to re-login with your credentials in a dialog box before you can continue to work on the settings. This behavior secures the PRTG web interface against potential phishing attacks.
The default time for required re-authentication is 900 seconds. PRTG provides a registry key option to set this time depending on your needs. With a value high enough, you can also basically disable the automatic logout. Please follow the steps below.
Note: As PRTG System Administrator, you can set a time after which the web interface performs a complete logout automatically under System Administration | User Interface, section Website. This setting does not affect re-authentication on admin pages!
Steps to Go
Caution: Please back up your system before manipulating the Windows registry!
- Stop your PRTG core server.
- Open the registry editor and navigate to the following subkey:
- On a 64-bit Windows system, navigate to
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Paessler\PRTG Network Monitor\Server\Webserver
- On a 32-bit Windows version, navigate to
HKEY_LOCAL_MACHINE\SOFTWARE\Paessler\PRTG Network Monitor\Server\Webserver
- Check if the DWORD entry reauthafterseconds already exists. If not, restart the PRTG core server to create this entry automatically with the default value. Then stop the core server again.
- Right-click on the entry reauthafterseconds.
- Select Modify…
- In the Value field, enter an integer value to define the number of seconds after which re-authentication on admin pages will be required. Default is 900 seconds. Note: Choose Decimal base.
- Confirm with Ok.
- Start the PRTG core server to apply the changes.
With this registry key option, PRTG requires re-authentication on admin pages only after the number of seconds that you defined. You can define a very high value to basically disable the logout function on admin pages in PRTG. For example, use 9999999 seconds to sort of deactivate the automatic logout and stay always logged in.
Add comment