PAWs.
-
Privileged Access Workstations
https://technet.microsoft.com/windows-server-docs/security/securing-privileged-access/privileged-access-workstationsDo you use them?
I use separate user and admin accounts, but have never considered using separate workstations. How common a practice is this? TBH, I'd never even heard of PAWs until the other day.
-
People talk about this stuff a bit but I doubt that many places are doing it.
-
I've heard of it once, at a previous employer as something that may need to be done.
Instead they just opt'd to not give out credentials willy-nilly.
-
Never heard of it and don't want too from the looks from clicking that link
lol -
It is an interesting concept - but i don't see it being implemented often.
I have however locked down access to certain users to certain PCs - but it was for a Computer Lab - the Student User was limited to only being able to sign in there.
-
Thanks. Looks like I'm ok to give it a miss then.
Moving on, how about LAPS (Local Administrator Password Solution)?
https://www.microsoft.com/en-us/download/details.aspx?id=46899I have to confess my attitude towards local admin accounts has been lax at best, and I need to change. I don't know whether to implement LAPS or just store local admin account passwords in Keepass or similar (or even Excel).
-
@Carnival-Boy or a solution like Salt.
-
-
@Carnival-Boy said in PAWs.:
Thanks. Looks like I'm ok to give it a miss then.
Moving on, how about LAPS (Local Administrator Password Solution)?
https://www.microsoft.com/en-us/download/details.aspx?id=46899I have to confess my attitude towards local admin accounts has been lax at best, and I need to change. I don't know whether to implement LAPS or just store local admin account passwords in Keepass or similar (or even Excel).
We set-up all computers with the same local admin account and secure password e.g. LOCADMIN - ImSecure!12
Only the IT Team know this and it isn't written down anywhere. -
Pretty much the same here, but it's a really bad idea.
-
@hobbit666 said in PAWs.:
@scottalanmiller said in PAWs.:
@Carnival-Boy or a solution like Salt.
Link?
Specifically...
https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.win_useradd.html
-
@hobbit666 said in PAWs.:
@Carnival-Boy said in PAWs.:
Thanks. Looks like I'm ok to give it a miss then.
Moving on, how about LAPS (Local Administrator Password Solution)?
https://www.microsoft.com/en-us/download/details.aspx?id=46899I have to confess my attitude towards local admin accounts has been lax at best, and I need to change. I don't know whether to implement LAPS or just store local admin account passwords in Keepass or similar (or even Excel).
We set-up all computers with the same local admin account and secure password e.g. LOCADMIN - ImSecure!12
Only the IT Team know this and it isn't written down anywhere.Virginia State agency goes beyond the 'LOCADMIN - ImSecure!12' in that they change ALL Admin creds every 30 days.... what a pain
-
@hobbit666 said in PAWs.:
@Carnival-Boy said in PAWs.:
Thanks. Looks like I'm ok to give it a miss then.
Moving on, how about LAPS (Local Administrator Password Solution)?
https://www.microsoft.com/en-us/download/details.aspx?id=46899I have to confess my attitude towards local admin accounts has been lax at best, and I need to change. I don't know whether to implement LAPS or just store local admin account passwords in Keepass or similar (or even Excel).
We set-up all computers with the same local admin account and secure password e.g. LOCADMIN - ImSecure!12
Only the IT Team know this and it isn't written down anywhere.Virginia State agency goes beyond the 'LOCADMIN - ImSecure!12' in that they change ALL Admin creds every 30 days.... what a pain
:-S -- I hope they have a way to automate that!
-
@hobbit666 said in PAWs.:
@Carnival-Boy said in PAWs.:
Thanks. Looks like I'm ok to give it a miss then.
Moving on, how about LAPS (Local Administrator Password Solution)?
https://www.microsoft.com/en-us/download/details.aspx?id=46899I have to confess my attitude towards local admin accounts has been lax at best, and I need to change. I don't know whether to implement LAPS or just store local admin account passwords in Keepass or similar (or even Excel).
We set-up all computers with the same local admin account and secure password e.g. LOCADMIN - ImSecure!12
Only the IT Team know this and it isn't written down anywhere.Virginia State agency goes beyond the 'LOCADMIN - ImSecure!12' in that they change ALL Admin creds every 30 days.... what a pain
:-S -- I hope they have a way to automate that!
Like a printer that prints PostIt Notes with the new password and a robot that goes around sticking them to everyone's monitors?
-
@scottalanmiller said in PAWs.:
@hobbit666 said in PAWs.:
@Carnival-Boy said in PAWs.:
Thanks. Looks like I'm ok to give it a miss then.
Moving on, how about LAPS (Local Administrator Password Solution)?
https://www.microsoft.com/en-us/download/details.aspx?id=46899I have to confess my attitude towards local admin accounts has been lax at best, and I need to change. I don't know whether to implement LAPS or just store local admin account passwords in Keepass or similar (or even Excel).
We set-up all computers with the same local admin account and secure password e.g. LOCADMIN - ImSecure!12
Only the IT Team know this and it isn't written down anywhere.Virginia State agency goes beyond the 'LOCADMIN - ImSecure!12' in that they change ALL Admin creds every 30 days.... what a pain
:-S -- I hope they have a way to automate that!
Like a printer that prints PostIt Notes with the new password and a robot that goes around sticking them to everyone's monitors?
Well crap... You just stole my idea.
