Tien Ngo Thanh
Iron Contributor
Aug 10, 2019
Solved

Manage password administrator PC in Enterprise

Hi. Please recommend a solution to manage passwords in an enterprise (about 9000 users). Should we use LAPS to manage them (Win 10)? I have some worries about using this. If in the future Microsoft does not devel...
  • HidMov
    Aug 12, 2019

    Hey Tien Ngo Thanh 

     

    LAPS is to administer local admin passwords on a domain-joined computer. It can - if I recall correctly - only administer the default local admin on a machine or a secondary custom local admin on a machine but not both. 

    LAPS can be set so if the computer loses trust in the domain the password reset process will not take place - the password in AD is the current password even if it expires. Once computer regains trust, the password changes again.

     

    LAPS is a great solution from a security point of view to mitigate pass-the-hash attacks or being compromised if a re-used local admin password is obtained by an adversary. If your concern is management of users' passwords then LAPS will not help in that sense.

     

    Thanks,

    Mark 
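
A coverage check an administrator could run once LAPS is deployed, added here as an example and not part of the original reply: it classifies computers by `ms-Mcs-AdmPwdExpirationTime`, the attribute the legacy LAPS schema extension adds to the computer object. The function name `Get-LapsState` and the sample machines are constructed for illustration.

```powershell
# Classify computers by the state of their legacy LAPS expiration attribute.
# In a real domain the input would come from the ActiveDirectory module, e.g.:
#   Get-ADComputer -Filter * -Properties 'ms-Mcs-AdmPwdExpirationTime'
# Here constructed sample objects are used so the script runs offline.

function Get-LapsState {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Computer,
        [datetime]$Now = [datetime]::UtcNow
    )
    process {
        # The attribute is stored as a Windows FILETIME (Int64); empty or 0
        # means LAPS has never set a password for this machine.
        $raw = $Computer.'ms-Mcs-AdmPwdExpirationTime'
        if ($null -eq $raw -or [int64]$raw -eq 0) {
            $state   = 'NotManaged'
            $expires = $null
        } else {
            $expires = [datetime]::FromFileTimeUtc([int64]$raw)
            # Expired: the client has not rotated the password since expiry,
            # for example because it is offline or has lost domain trust.
            $state = if ($expires -lt $Now) { 'Expired' } else { 'Current' }
        }
        [pscustomobject]@{
            Name       = $Computer.Name
            State      = $state
            ExpiresUtc = $expires
        }
    }
}

# Constructed sample data (hypothetical machine names), fixed reference time.
$now = [datetime]::new(2019, 8, 12, 0, 0, 0, [System.DateTimeKind]::Utc)
$sample = @(
    [pscustomobject]@{ Name = 'PC-001'; 'ms-Mcs-AdmPwdExpirationTime' = $now.AddDays(20).ToFileTimeUtc() }
    [pscustomobject]@{ Name = 'PC-002'; 'ms-Mcs-AdmPwdExpirationTime' = $now.AddDays(-45).ToFileTimeUtc() }
    [pscustomobject]@{ Name = 'PC-003'; 'ms-Mcs-AdmPwdExpirationTime' = $null }
)

# PC-001 is Current, PC-002 is Expired, PC-003 is NotManaged.
$sample | Get-LapsState -Now $now | Sort-Object State | Format-Table -AutoSize
```

Machines reported as `NotManaged` still have whatever local admin password they were built with, which is where password reuse across machines remains possible; `Expired` entries are the ones to check for connectivity or trust problems.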
