Re: Microsoft LAPS

["Brian T. Huntley" <bhuntley () CLARKSON EDU>]

We've been running it on all domain-joined machines for a couple of years
now.  Rollout was a snap and it's been glitch-free (*knocks on head*).

The only scenario we've had challenges with is when a machine ends up in
some weird state where it think's it's fallen out of the domain but LAPS
has nevertheless continued to roll over the password.  I think it's
happened twice.  Our desktop folks chalked it up to yet another layer of
badness on a machine that was probably already ripe for a re-image.

Brian

Brian T. Huntley, CISSP
Director of Network Services and Information Security
Office of Information Technology
Clarkson University
315.268.6723


On Thu, Jul 18, 2019 at 8:18 AM Manjak, Martin <mmanjak () albany edu> wrote:

> Walter,
>
>
>
> We rolled it out this spring to central IT supported systems. That success
> enabled us to promote it to the two other domains that are part of our
> forest and they are adopting it as well.
>
>
>
> Next step is to inventory all the other accounts that are members of the
> local admin group and see what we can do to clean those up.
>
>
>
> Marty Manjak
>
> CISO
>
> University at Albany
>
>
>
> *From:* The EDUCAUSE Security Community Group Listserv <
> SECURITY () LISTSERV EDUCAUSE EDU> *On Behalf Of *WALTER KERNER
> *Sent:* Wednesday, July 17, 2019 5:24 PM
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* [SECURITY] Microsoft LAPS
>
>
>
> Hi all.  I found a thread from 2 years ago asking about Microsoft LAPS for
> local admin control.  Is anyone using it?  How do you like it?  Any other
> suggestions for admin password management?  Thanks
>
>
>
>
>
>
>
> Walter
>
>
>
> Walter Kerner
>
> Assistant Vice President and CISO
>
> 212 217 3415
>
> [image: blue and black logo two lines png]