RECOMMENDED: Click here to fix Windows errors and optimize system performance
Microsoft has released Local Administrator Password Solution. LAPs solve the problem of using a shared local account with an identical password on each Windows computer in a domain by setting a different random password for the shared local administrator account on each computer in the domain.
Local Administrator Password Solution
This solution automatically manages the local administrator password on the domain computers so that the password is:
- Unique on any managed computer
- Randomly generated
- Securely stored in AD infrastructure.
- Password protection during transport by Kerberos encryption
- Password is protected in AD by AD ACL
- Effectively reduce pass-the-hash attack
- Configurable password settings : Age, complexity, length
- Ability to force password reset
- Integrated security model with AD LCD
- End user interface can be any AD management tool,
- PowerShell and Fat Client are provided
- Protection against deleting computer accounts
- Easy implementation and minimum space required
- Additional password encryption stored in AD
- Password history
- Web UI.
Domain administrators using this solution can specify which users, such as helpdesk administrators, are allowed to read passwords.