Educause Security Discussion mailing list archives
Re: Microsoft LAPS
From: Clark Gaylord <cgaylord () VT EDU>
Date: Thu, 18 Jul 2019 06:48:57 -0400
Likewise: use it, love it, addresses big threat Another nice touch: have a scalable way to give users and support desk local admin account instead of domain account, reducing exposure. We don't use it on things like single purpose dedicated web servers and the like, where domain membership/domain admin is potentially more risk than it's worth, but I'm curious if anyone has taken it to this extent. -- Clark Gaylord cgaylord () vt edu ... autocorrect may have improved this message ... On Thu, Jul 18, 2019, 06:17 Seth A. Shestack <shestack () temple edu> wrote:
We have been using LAPS for several years. It is used by both our desktop support and server administration groups. LAPS has enabled us to have a randomized account password that is different on each machine, reset whenever used and at specific intervals. Before LAPS each of these groups had an account they would place in the Administrators group of every device they managed with the same password. Basically an extremely weak security foundation. Regards Seth Seth Shestack Deputy CISO Executive Director, Information Security and Privacy Temple University 1805 N Broad St Wachman Hall 762 Philadelphia PA 19122 215-204-5884 Shestack () temple edu *From:* The EDUCAUSE Security Community Group Listserv < SECURITY () LISTSERV EDUCAUSE EDU> *On Behalf Of *WALTER KERNER *Sent:* Wednesday, July 17, 2019 5:24 PM *To:* SECURITY () LISTSERV EDUCAUSE EDU *Subject:* [SECURITY] Microsoft LAPS Hi all. I found a thread from 2 years ago asking about Microsoft LAPS for local admin control. Is anyone using it? How do you like it? Any other suggestions for admin password management? Thanks Walter Walter Kerner Assistant Vice President and CISO 212 217 3415 [image: blue and black logo two lines png]
Current thread:
- Microsoft LAPS WALTER KERNER (Jul 17)
- Re: Microsoft LAPS Pete, Andrew (Jul 17)
- Re: Microsoft LAPS Jonathan Andrew Wince (Jul 17)
- Re: Microsoft LAPS King, Ronald A. (Jul 17)
- Re: Microsoft LAPS Jonathan Andrew Wince (Jul 17)
- Re: Microsoft LAPS Richard Applebee (Jul 17)
- Re: Microsoft LAPS Joey Rego (Jul 17)
- Re: Microsoft LAPS Seth A. Shestack (Jul 18)
- Re: Microsoft LAPS Clark Gaylord (Jul 18)
- Re: Microsoft LAPS Joey Rego (Jul 18)
- Re: Microsoft LAPS Manjak, Martin (Jul 18)
- Re: Microsoft LAPS Brian T. Huntley (Jul 18)
- Re: Microsoft LAPS Harry Hoffman (Jul 18)
- Re: Microsoft LAPS McCrone, Kevin (Jul 19)
- Re: Microsoft LAPS Brian T. Huntley (Jul 18)
- Re: Microsoft LAPS Pete, Andrew (Jul 17)
- Re: Microsoft LAPS Dave Broucek (Jul 19)