What are your Thoughts on Using LAPS to manage local admin account passwords on a domain?
-
What are your thoughts on Using LAPS to manage local admin account passwords on a domain?
-
@eleceng
The basic premise of helping to stop horizontal attacks is wonderful. Last year we reviewed this as an option. In a test, it implemented well enough, but the PW was not truly encrypted. This can be better explained here:
https://techgenix.com/case-against-using-laps/amp/
-
I like this thinking - I wonder what the solution is for a no AD, but only AAD setup?
Is this something Intune can handle? Some other MS service?
-
@eleceng said in What are your Thoughts on Using LAPS to manage local admin account passwords on a domain?:
What are your thoughts on Using LAPS to manage local admin account passwords on a domain?
Are these local admin accounts on servers or user devices?
-
@jclambert said in What are your Thoughts on Using LAPS to manage local admin account passwords on a domain?:
The basic premise of helping to stop horizontal attacks is wonderful
But the device is joined to an AD domain so horizontal attacks are allowed by default.
-
@eleceng said in What are your Thoughts on Using LAPS to manage local admin account passwords on a domain?:
What are your thoughts on Using LAPS to manage local admin account passwords on a domain?
Use it. It's excellent.
Tie in DUO for 2FA on critical infrastructure like DCs and the backup server(s) and good to go.
-
@obsolesce Servers primarily but user desktops and laptops will be the same.