We all know that local account security is important, as you should never use defaults. But one thing that has gotten to me over the years is the constant reuse of local administrator passwords over and over again. I see this and I cringe. I get why it is done this way, but the insanity!
I’d like to raise awareness that this is a BAD practice, and as a cybersecurity professional it makes me cry, because it’s such an easy thing to remediate.
I personally use a very complex password for every desktop and server that is unique, and while management of these passwords is an art in itself, Microsoft does have a solution: Local Administrator Password Solution (LAPS).
Here is a short brief from the Microsoft page dedicated to it:
“The ‘Local Administrator Password Solution’ (LAPS) provides management of local account passwords of domain joined computers. Passwords are stored in Active Directory (AD) and protected by ACL, so only eligible users can read it or request its reset.”
This solution should be installed on all domain-joined member servers and all domain-joined desktops/laptops/tablets as a means to further protect these devices against attacks. It’s just one more layer in the defense-in-depth strategy you should employ to protect your Active Directory-connected infrastructure.
I’ve provided a link to the x64 installer package here: Download
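To check how far the "install it everywhere" recommendation above has actually been rolled out, here is an added PowerShell example (not part of the original post and not Microsoft's own tooling) that classifies computers by their LAPS password expiration attribute. It assumes the legacy Microsoft LAPS schema attribute ms-Mcs-AdmPwdExpirationTime, which is not named on this page; the function name Get-LapsCoverage and the sample hosts are constructed for illustration.

```powershell
# Added example: classify domain computers by LAPS state from the
# ms-Mcs-AdmPwdExpirationTime attribute (assumed: legacy Microsoft LAPS schema).
function Get-LapsCoverage {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Computer,
        # Reference time; a parameter so results are reproducible.
        [datetime]$Now = [datetime]::UtcNow
    )
    process {
        $raw = $Computer.'ms-Mcs-AdmPwdExpirationTime'
        if ($null -eq $raw -or [long]$raw -eq 0) {
            # Attribute never written: the LAPS client has not managed this host.
            $state = 'NotManaged'; $expires = $null
        } else {
            # Stored as a Windows FILETIME (100 ns ticks since 1601-01-01 UTC).
            $expires = [datetime]::FromFileTimeUtc([long]$raw)
            # Expired: the client missed its rotation (offline, policy not applied).
            $state = if ($expires -lt $Now) { 'Expired' } else { 'Managed' }
        }
        [pscustomobject]@{
            Name = $Computer.Name; State = $state; ExpiresUtc = $expires
        }
    }
}

# Constructed sample input standing in for Get-ADComputer output.
$now = [datetime]::new(2024, 6, 1, 0, 0, 0, [System.DateTimeKind]::Utc)
$sample = @(
    [pscustomobject]@{ Name = 'SRV-APP01'; 'ms-Mcs-AdmPwdExpirationTime' = $now.AddDays(12).ToFileTimeUtc() }
    [pscustomobject]@{ Name = 'WS-0142';   'ms-Mcs-AdmPwdExpirationTime' = $now.AddDays(-45).ToFileTimeUtc() }
    [pscustomobject]@{ Name = 'WS-0207';   'ms-Mcs-AdmPwdExpirationTime' = $null }
)
$sample | Get-LapsCoverage -Now $now | Sort-Object State, Name | Format-Table -AutoSize

# Against a live domain (requires the RSAT ActiveDirectory module):
# Get-ADComputer -Filter 'Enabled -eq $true' -Properties 'ms-Mcs-AdmPwdExpirationTime' |
#     Get-LapsCoverage | Where-Object State -ne 'Managed'
```

Hosts reported as NotManaged or Expired are the ones most likely still carrying a shared or stale local administrator password.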