![]() ![]() Use LAPS to automatically manage local administrator passwords on domain joined computers so that passwords are unique on each managed computer, randomly generated, and securely stored in Active Directory infrastructure. The computer is allowed to update its own password data in Active Directory, and domain administrators can grant read access to authorized users or groups, such as workstation helpdesk administrators. LAPS stores the password for each computer’s local administrator account in Active Directory, secured in a confidential attribute in the computer’s corresponding Active Directory object. In particular, the solution mitigates the risk of lateral escalation that results when customers use the same administrative local account and password combination on their computers. LAPS simplifies password management while helping customers implement recommended defenses against cyberattacks. Domain administrators using the solution can determine which users, such as helpdesk administrators, are authorized to read passwords. LAPS resolves this issue by setting a different, random password for the common local administrator account on every computer in the domain. The Local Administrator Password Solution (LAPS) provides a solution to this issue of using a common local account with an identical password on every computer in a domain. Such environments greatly increase the risk of a Pass-the-Hash (PtH) credential replay attack. No functionality has been added or modified.įor environments in which users are required to log on to computers without domain credentials, password management can become a complex issue. Note: the only change in this release is that the binaries and installer package have been recompiled and signed with SHA256.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |