Manage password administrator PC in Enterprise

Hi Please recommend help me about solution manage password in enterprise (about 9000 user) should be use LAPS to manage (win 10) ? I worry some if use this ? if the future Microsoft not devel...

HidMov
Aug 12, 2019
Hey Tien Ngo Thanh

LAPS is to administer local admin passwords on a domain-joined computer. It can - if I recall correctly - only administer the default local admin on a machine or a secondary custom local admin on a machine but not both.
LAPS can be set so if the computer loses trust in the domain the password reset process will not take place - the password in AD is the current password even if it expires. Once computer regains trust, the password changes again.

LAPS is a great solution to from a security point of view to mitigate pass-the-hash attacks or being compromised if a re-used local admin password is obtained by an adversary. If your concern is management of users passwords then LAPS will not help in that sense.

Thanks,
Mark

HidMov

Iron Contributor

Aug 12, 2019

Hey Tien Ngo Thanh

LAPS is to administer local admin passwords on a domain-joined computer. It can - if I recall correctly - only administer the default local admin on a machine or a secondary custom local admin on a machine but not both.

LAPS can be set so if the computer loses trust in the domain the password reset process will not take place - the password in AD is the current password even if it expires. Once computer regains trust, the password changes again.

LAPS is a great solution to from a security point of view to mitigate pass-the-hash attacks or being compromised if a re-used local admin password is obtained by an adversary. If your concern is management of users passwords then LAPS will not help in that sense.

Thanks,

Mark

Tien Ngo Thanh

Iron Contributor

Aug 22, 2019

Thanks , i will try install it and manage local administrator for PC and Server

Forum Discussion

Manage password administrator PC in Enterprise

Resources