Note: the only change in this release is that the binaries and installer package have been recompiled and signed with SHA256. No functionality has been added or modified.

For environments in which users are required to log on to computers without domain credentials, password management can become a complex issue. Such environments greatly increase the risk of a Pass-the-Hash (PtH) credential replay attack. The Local Administrator Password Solution (LAPS) provides a solution to this issue of using a common local account with an identical password on every computer in a domain. LAPS resolves this issue by setting a different, random password for the common local administrator account on every computer in the domain. Domain administrators using the solution can determine which users, such as helpdesk administrators, are authorized to read passwords.

LAPS simplifies password management while helping customers implement recommended defenses against cyberattacks. In particular, the solution mitigates the risk of lateral escalation that results when customers use the same administrative local account and password combination on their computers. LAPS stores the password for each computer’s local administrator account in Active Directory, secured in a confidential attribute in the computer’s corresponding Active Directory object. The computer is allowed to update its own password data in Active Directory, and domain administrators can grant read access to authorized users or groups, such as workstation helpdesk administrators.

Use LAPS to automatically manage local administrator passwords on domain joined computers so that passwords are unique on each managed computer, randomly generated, and securely stored in Active Directory infrastructure. The solution is built on Active Directory infrastructure and does not require other supporting technologies. LAPS uses a Group Policy client-side extension (CSE) that you install on managed computers to perform all management tasks. The solution’s management tools provide easy configuration and administration.

The core of the LAPS solution is a GPO client-side extension (CSE) that performs the following tasks and can enforce the following actions during a GPO update:

- Checks whether the password of the local Administrator account has expired.
- Generates a new password when the old password is either expired or is required to be changed prior to expiration.
- Validates the new password against the password policy.
- Reports the password to Active Directory, storing it with a confidential attribute with the computer account in Active Directory.
- Reports the next expiration time for the password to Active Directory, storing it with an attribute with the computer account in Active Directory.
- Changes the password of the Administrator account.

The password then can be read from Active Directory by users who are allowed to do so. Eligible users can request a password change for a computer.