PAWs.

gjacobse

It is an interesting concept - but i don't see it being implemented often.

I have however locked down access to certain users to certain PCs - but it was for a Computer Lab - the Student User was limited to only being able to sign in there.

Carnival Boy

Thanks. Looks like I'm ok to give it a miss then.

Moving on, how about LAPS (Local Administrator Password Solution)?
https://www.microsoft.com/en-us/download/details.aspx?id=46899

I have to confess my attitude towards local admin accounts has been lax at best, and I need to change. I don't know whether to implement LAPS or just store local admin account passwords in Keepass or similar (or even Excel).

scottalanmiller

@Carnival-Boy or a solution like Salt.

hobbit666

@scottalanmiller said in PAWs.:

@Carnival-Boy or a solution like Salt.

Link?

hobbit666

@Carnival-Boy said in PAWs.:

Thanks. Looks like I'm ok to give it a miss then.

Moving on, how about LAPS (Local Administrator Password Solution)?
https://www.microsoft.com/en-us/download/details.aspx?id=46899

I have to confess my attitude towards local admin accounts has been lax at best, and I need to change. I don't know whether to implement LAPS or just store local admin account passwords in Keepass or similar (or even Excel).

We set-up all computers with the same local admin account and secure password e.g. LOCADMIN - ImSecure!12
Only the IT Team know this and it isn't written down anywhere.

Carnival Boy

Pretty much the same here, but it's a really bad idea.

scottalanmiller

@hobbit666 said in PAWs.:

@scottalanmiller said in PAWs.:

@Carnival-Boy or a solution like Salt.

Link?

https://saltstack.com/

Specifically...

https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.win_useradd.html

gjacobse

@hobbit666 said in PAWs.:

@Carnival-Boy said in PAWs.:

Thanks. Looks like I'm ok to give it a miss then.

Moving on, how about LAPS (Local Administrator Password Solution)?
https://www.microsoft.com/en-us/download/details.aspx?id=46899

I have to confess my attitude towards local admin accounts has been lax at best, and I need to change. I don't know whether to implement LAPS or just store local admin account passwords in Keepass or similar (or even Excel).

We set-up all computers with the same local admin account and secure password e.g. LOCADMIN - ImSecure!12
Only the IT Team know this and it isn't written down anywhere.

Virginia State agency goes beyond the 'LOCADMIN - ImSecure!12' in that they change ALL Admin creds every 30 days.... what a pain

dafyre

@gjacobse said in PAWs.:

@hobbit666 said in PAWs.:

@Carnival-Boy said in PAWs.:

Thanks. Looks like I'm ok to give it a miss then.

Moving on, how about LAPS (Local Administrator Password Solution)?
https://www.microsoft.com/en-us/download/details.aspx?id=46899

I have to confess my attitude towards local admin accounts has been lax at best, and I need to change. I don't know whether to implement LAPS or just store local admin account passwords in Keepass or similar (or even Excel).

We set-up all computers with the same local admin account and secure password e.g. LOCADMIN - ImSecure!12
Only the IT Team know this and it isn't written down anywhere.

Virginia State agency goes beyond the 'LOCADMIN - ImSecure!12' in that they change ALL Admin creds every 30 days.... what a pain

:-S -- I hope they have a way to automate that!

scottalanmiller

@dafyre said in PAWs.:

@gjacobse said in PAWs.:

@hobbit666 said in PAWs.:

@Carnival-Boy said in PAWs.:

Thanks. Looks like I'm ok to give it a miss then.

Moving on, how about LAPS (Local Administrator Password Solution)?
https://www.microsoft.com/en-us/download/details.aspx?id=46899

I have to confess my attitude towards local admin accounts has been lax at best, and I need to change. I don't know whether to implement LAPS or just store local admin account passwords in Keepass or similar (or even Excel).

We set-up all computers with the same local admin account and secure password e.g. LOCADMIN - ImSecure!12
Only the IT Team know this and it isn't written down anywhere.

Virginia State agency goes beyond the 'LOCADMIN - ImSecure!12' in that they change ALL Admin creds every 30 days.... what a pain

:-S -- I hope they have a way to automate that!

Like a printer that prints PostIt Notes with the new password and a robot that goes around sticking them to everyone's monitors?

dafyre

@scottalanmiller said in PAWs.:

@dafyre said in PAWs.:

@gjacobse said in PAWs.:

@hobbit666 said in PAWs.:

@Carnival-Boy said in PAWs.:

Thanks. Looks like I'm ok to give it a miss then.

Moving on, how about LAPS (Local Administrator Password Solution)?
https://www.microsoft.com/en-us/download/details.aspx?id=46899

I have to confess my attitude towards local admin accounts has been lax at best, and I need to change. I don't know whether to implement LAPS or just store local admin account passwords in Keepass or similar (or even Excel).

We set-up all computers with the same local admin account and secure password e.g. LOCADMIN - ImSecure!12
Only the IT Team know this and it isn't written down anywhere.

Virginia State agency goes beyond the 'LOCADMIN - ImSecure!12' in that they change ALL Admin creds every 30 days.... what a pain

:-S -- I hope they have a way to automate that!

Like a printer that prints PostIt Notes with the new password and a robot that goes around sticking them to everyone's monitors?

Well crap... You just stole my idea.