Educause Security Discussion mailing list archives
Re: Privileged Account Management
From: Eric Lukens <eric.lukens () UNI EDU>
Date: Tue, 6 Dec 2016 11:04:45 -0600
We have deployed LAPS to a majority of our Windows computers. Once you get the schema and the permissions done, the rest is fairly easy. We went so far as to put a LAPS group policy object at the root of the domain. So the only action the techs needed to use the tool was to install the client.

Depending on how the various techs used the local admin account will dictate how much of a change it is for them. Some of our techs always had the local admin account disabled, so they didn't notice. It had the side-effect of rooting out some bad practices.

I wrote up various guides for our techs to use LAPS. The guides don't cover the initial schema or permissions changes, just the day-to-day installation of the client and use of the tool. I've redacted the possibly sensitive bits. They can be found on my Google Drive at:

https://drive.google.com/drive/folders/0B_Rq55JJ90lhTU5sUzAwdVU4VVE?usp=sharing

Let me know if you have any questions.

-Eric

On Tue, Dec 6, 2016 at 10:20 AM, Velislav K Pavlov <VelislavPavlov () ferris edu> wrote:
Greetings,

We are reviewing our privileged account management practices and procedures. Has anyone implemented LAPS and cares to share their experience with the implementation and lessons learned? Any other opensource/free solutions that you are using for Linux/Unix and macOS/SOX? The consideration is specifically for local accounts with elevated privileges. Zero budget for commercial products.

Thank you.

Vel Pavlov | Coordinator, IT Security
M.Sc. ISM, CISSP, C|HFI, C|EH, C)PTE, Security+, CNA, MPCS, ITILv3F, A+
Big Rapids, MI 49307
VelPavlov () ferris edu

Notice: This email message and any attachments are for the confidential use of the intended recipient. If that isn’t you, please do not read the message or attachments, or distribute or act in reliance on them. If you have received this message by mistake, please immediately notify VelPavlov () ferris edu and delete this message and any attachments. Thank you.
--
============================================================
Eric C. Lukens
IT Security Compliance & Policy Analyst
Information Security
Innov Teaching & Tech Ctr 107
University of Northern Iowa
Cedar Falls, IA 50614-0301
(319) 273-7434
http://www.uni.edu/elukens/
============================================================
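
An added example, not taken from the message above or from the guides it links: one way to audit a LAPS rollout like the one described, listing computers that have never had a password set by the client and the principals allowed to read stored passwords. It assumes the legacy Microsoft LAPS `AdmPwd.PS` module and the RSAT `ActiveDirectory` module are installed; the OU distinguished name is a placeholder.

```powershell
# Added example. Assumptions: legacy Microsoft LAPS (AdmPwd.PS) and the RSAT
# ActiveDirectory module are installed; $SearchBase is a placeholder DN.
Import-Module ActiveDirectory
Import-Module AdmPwd.PS

$SearchBase = 'OU=Workstations,DC=example,DC=edu'   # placeholder, not from the thread

# 1. Coverage: the LAPS client writes ms-Mcs-AdmPwdExpirationTime each time it
#    sets a password. An empty value means the client is missing or the
#    group policy object is not reaching that computer.
$computers = Get-ADComputer -SearchBase $SearchBase -Filter 'Enabled -eq $true' `
    -Properties 'ms-Mcs-AdmPwdExpirationTime', OperatingSystem

$now = (Get-Date).ToUniversalTime()
$report = foreach ($c in $computers) {
    $raw     = $c.'ms-Mcs-AdmPwdExpirationTime'
    $expires = if ($raw) { [DateTime]::FromFileTimeUtc([Int64]$raw) } else { $null }
    [pscustomobject]@{
        Name            = $c.Name
        OperatingSystem = $c.OperatingSystem
        Managed         = [bool]$raw
        ExpiresUtc      = $expires
        # Managed once but not rotated since: client removed or machine offline.
        Overdue         = [bool]($expires -and $expires -lt $now)
    }
}

$unmanaged = @($report | Where-Object { -not $_.Managed })
$overdue   = @($report | Where-Object { $_.Overdue })
'{0} computers, {1} never managed, {2} overdue for rotation' -f `
    @($report).Count, $unmanaged.Count, $overdue.Count

$unmanaged | Sort-Object Name | Format-Table Name, OperatingSystem
$overdue   | Sort-Object ExpiresUtc | Format-Table Name, ExpiresUtc

# 2. Permissions: list every principal holding extended rights on the OU,
#    which is what allows reading the confidential ms-Mcs-AdmPwd attribute.
#    Anything beyond the intended tech groups should be reviewed.
Find-AdmPwdExtendedRights -Identity $SearchBase |
    Format-Table ObjectDN, ExtendedRightHolders -AutoSize -Wrap
```

The script reads only the expiration timestamp and the OU's access rights, never the stored passwords, so it can be run by an account that has no password-read permission.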
Current thread:
- Privileged Account Management Velislav K Pavlov (Dec 06)
- Re: Privileged Account Management Justin Store (Dec 06)
- Re: Privileged Account Management Eric Lukens (Dec 06)
- Re: Privileged Account Management Balge, Jason (Dec 06)