ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    PAWs.

    Scheduled Pinned Locked Moved IT Discussion
    15 Posts 6 Posters 1.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      Carnival Boy
      last edited by

      Privileged Access Workstations
      https://technet.microsoft.com/windows-server-docs/security/securing-privileged-access/privileged-access-workstations

      Do you use them?

      I use separate user and admin accounts, but have never considered using separate workstations. How common a practice is this? TBH, I'd never even heard of PAWs until the other day.

      1 Reply Last reply Reply Quote 3
      • scottalanmillerS
        scottalanmiller
        last edited by

        People talk about this stuff a bit but I doubt that many places are doing it.

        1 Reply Last reply Reply Quote 0
        • DustinB3403D
          DustinB3403
          last edited by

          I've heard of it once, at a previous employer as something that may need to be done.

          Instead they just opt'd to not give out credentials willy-nilly.

          1 Reply Last reply Reply Quote 0
          • hobbit666H
            hobbit666
            last edited by

            Never heard of it and don't want too from the looks from clicking that link 😖 lol

            1 Reply Last reply Reply Quote 1
            • gjacobseG
              gjacobse
              last edited by

              It is an interesting concept - but i don't see it being implemented often.

              I have however locked down access to certain users to certain PCs - but it was for a Computer Lab - the Student User was limited to only being able to sign in there.

              1 Reply Last reply Reply Quote 0
              • C
                Carnival Boy
                last edited by

                Thanks. Looks like I'm ok to give it a miss then.

                Moving on, how about LAPS (Local Administrator Password Solution)?
                https://www.microsoft.com/en-us/download/details.aspx?id=46899

                I have to confess my attitude towards local admin accounts has been lax at best, and I need to change. I don't know whether to implement LAPS or just store local admin account passwords in Keepass or similar (or even Excel).

                scottalanmillerS hobbit666H 2 Replies Last reply Reply Quote 0
                • scottalanmillerS
                  scottalanmiller @Carnival Boy
                  last edited by

                  @Carnival-Boy or a solution like Salt.

                  hobbit666H 1 Reply Last reply Reply Quote 0
                  • hobbit666H
                    hobbit666 @scottalanmiller
                    last edited by

                    @scottalanmiller said in PAWs.:

                    @Carnival-Boy or a solution like Salt.

                    Link?

                    scottalanmillerS 1 Reply Last reply Reply Quote 0
                    • hobbit666H
                      hobbit666 @Carnival Boy
                      last edited by

                      @Carnival-Boy said in PAWs.:

                      Thanks. Looks like I'm ok to give it a miss then.

                      Moving on, how about LAPS (Local Administrator Password Solution)?
                      https://www.microsoft.com/en-us/download/details.aspx?id=46899

                      I have to confess my attitude towards local admin accounts has been lax at best, and I need to change. I don't know whether to implement LAPS or just store local admin account passwords in Keepass or similar (or even Excel).

                      We set-up all computers with the same local admin account and secure password e.g. LOCADMIN - ImSecure!12
                      Only the IT Team know this and it isn't written down anywhere.

                      gjacobseG 1 Reply Last reply Reply Quote 0
                      • C
                        Carnival Boy
                        last edited by

                        Pretty much the same here, but it's a really bad idea.

                        1 Reply Last reply Reply Quote 2
                        • scottalanmillerS
                          scottalanmiller @hobbit666
                          last edited by

                          @hobbit666 said in PAWs.:

                          @scottalanmiller said in PAWs.:

                          @Carnival-Boy or a solution like Salt.

                          Link?

                          https://saltstack.com/

                          Specifically...

                          https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.win_useradd.html

                          1 Reply Last reply Reply Quote 1
                          • gjacobseG
                            gjacobse @hobbit666
                            last edited by

                            @hobbit666 said in PAWs.:

                            @Carnival-Boy said in PAWs.:

                            Thanks. Looks like I'm ok to give it a miss then.

                            Moving on, how about LAPS (Local Administrator Password Solution)?
                            https://www.microsoft.com/en-us/download/details.aspx?id=46899

                            I have to confess my attitude towards local admin accounts has been lax at best, and I need to change. I don't know whether to implement LAPS or just store local admin account passwords in Keepass or similar (or even Excel).

                            We set-up all computers with the same local admin account and secure password e.g. LOCADMIN - ImSecure!12
                            Only the IT Team know this and it isn't written down anywhere.

                            Virginia State agency goes beyond the 'LOCADMIN - ImSecure!12' in that they change ALL Admin creds every 30 days.... what a pain

                            dafyreD 1 Reply Last reply Reply Quote 0
                            • dafyreD
                              dafyre @gjacobse
                              last edited by

                              @gjacobse said in PAWs.:

                              @hobbit666 said in PAWs.:

                              @Carnival-Boy said in PAWs.:

                              Thanks. Looks like I'm ok to give it a miss then.

                              Moving on, how about LAPS (Local Administrator Password Solution)?
                              https://www.microsoft.com/en-us/download/details.aspx?id=46899

                              I have to confess my attitude towards local admin accounts has been lax at best, and I need to change. I don't know whether to implement LAPS or just store local admin account passwords in Keepass or similar (or even Excel).

                              We set-up all computers with the same local admin account and secure password e.g. LOCADMIN - ImSecure!12
                              Only the IT Team know this and it isn't written down anywhere.

                              Virginia State agency goes beyond the 'LOCADMIN - ImSecure!12' in that they change ALL Admin creds every 30 days.... what a pain

                              :-S -- I hope they have a way to automate that!

                              scottalanmillerS 1 Reply Last reply Reply Quote 0
                              • scottalanmillerS
                                scottalanmiller @dafyre
                                last edited by

                                @dafyre said in PAWs.:

                                @gjacobse said in PAWs.:

                                @hobbit666 said in PAWs.:

                                @Carnival-Boy said in PAWs.:

                                Thanks. Looks like I'm ok to give it a miss then.

                                Moving on, how about LAPS (Local Administrator Password Solution)?
                                https://www.microsoft.com/en-us/download/details.aspx?id=46899

                                I have to confess my attitude towards local admin accounts has been lax at best, and I need to change. I don't know whether to implement LAPS or just store local admin account passwords in Keepass or similar (or even Excel).

                                We set-up all computers with the same local admin account and secure password e.g. LOCADMIN - ImSecure!12
                                Only the IT Team know this and it isn't written down anywhere.

                                Virginia State agency goes beyond the 'LOCADMIN - ImSecure!12' in that they change ALL Admin creds every 30 days.... what a pain

                                :-S -- I hope they have a way to automate that!

                                Like a printer that prints PostIt Notes with the new password and a robot that goes around sticking them to everyone's monitors?

                                dafyreD 1 Reply Last reply Reply Quote 1
                                • dafyreD
                                  dafyre @scottalanmiller
                                  last edited by

                                  @scottalanmiller said in PAWs.:

                                  @dafyre said in PAWs.:

                                  @gjacobse said in PAWs.:

                                  @hobbit666 said in PAWs.:

                                  @Carnival-Boy said in PAWs.:

                                  Thanks. Looks like I'm ok to give it a miss then.

                                  Moving on, how about LAPS (Local Administrator Password Solution)?
                                  https://www.microsoft.com/en-us/download/details.aspx?id=46899

                                  I have to confess my attitude towards local admin accounts has been lax at best, and I need to change. I don't know whether to implement LAPS or just store local admin account passwords in Keepass or similar (or even Excel).

                                  We set-up all computers with the same local admin account and secure password e.g. LOCADMIN - ImSecure!12
                                  Only the IT Team know this and it isn't written down anywhere.

                                  Virginia State agency goes beyond the 'LOCADMIN - ImSecure!12' in that they change ALL Admin creds every 30 days.... what a pain

                                  :-S -- I hope they have a way to automate that!

                                  Like a printer that prints PostIt Notes with the new password and a robot that goes around sticking them to everyone's monitors?

                                  Well crap... You just stole my idea.

                                  1 Reply Last reply Reply Quote 0
                                  • 1 / 1
                                  • First post
                                    Last post