Educause Security Discussion mailing list archives
Re: Microsoft LAPS
From: "Gioia, Matthew P." <MGioia () STLCC EDU>
Date: Wed, 2 Aug 2017 16:57:55 +0000
We are currently rolling out a new process for this, using a powershell script provided by Jason Fossen: https://cyber-defense.sans.org/blog/2013/08/01/reset-local-administrator-password-automatically-with-a-different-password-across-the-enterprise We have tweaked it to our environment, and have tiers of local admins (servers, desktops, etc.) that require use of different certificates to obtain the encrypted passwords. We are a medium sized shop so the certificate management is not awful. We are also contemplating integrating this with smartcards (storing the recovery cert on them) in the future. I, and our infrastructure folks, preferred this solution over LAPS for some of the reasons mentioned in the article. Matthew Gioia 314.539.5075 Information Security, IT St. Louis Community College From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Rogers, John Sent: Tuesday, August 1, 2017 10:19 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Microsoft LAPS Is anyone using Microsoft LAPS for computer admin password management? If so, does it work well? Any gotchas when implementing or using it? Any limitations we should be know about? Thanks, John Rogers IT Security Engineer Information Technology Department Oklahoma State University John.Rogers () okstate edu<mailto:John.Rogers () okstate edu> 405-744-2752
Current thread:
- Microsoft LAPS Rogers, John (Aug 01)
- Re: Microsoft LAPS Francisco Chavez (Aug 01)
- Re: Microsoft LAPS Reyor, William F. (Aug 01)
- Re: Microsoft LAPS Francisco Chavez (Aug 01)
- Re: Microsoft LAPS Haas, Mike (Aug 01)
- Re: Microsoft LAPS Francisco Chavez (Aug 01)
- Re: Microsoft LAPS Reyor, William F. (Aug 01)
- Re: Microsoft LAPS Gioia, Matthew P. (Aug 02)
- Re: Microsoft LAPS Francisco Chavez (Aug 01)