Educause Security Discussion mailing list archives
Re: Microsoft LAPS
From: "McCrone, Kevin" <kmccrone () ILSTU EDU>
Date: Fri, 19 Jul 2019 13:19:08 +0000
We have run into that issue, mostly with test virtual machines that are reset to a previous snapshot or checkpoint from before the last LAPS password change. We use the Microsoft DaRT tool (part of MDOP) which includes a Locksmith capability to reset the password. DaRT’s locksmith is Windows OS version specific, including Windows 10 build specific. https://docs.microsoft.com/en-us/microsoft-desktop-optimization-pack/dart-v10/overview-of-the-tools-in-dart-10 Good luck! -- Kevin From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Harry Hoffman Sent: Thursday, July 18, 2019 6:30 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Microsoft LAPS [This message came from an external source. If suspicious, report to abuse () ilstu edu<mailto:abuse () ilstu edu>] Just curious. We’ve run into an issue where we need to restore a backup of a system and the local admin password is now out of sync with LAPS. Have others run into this? And if so what’s your procedure for handling it? Cheers, Harry On Fri, Jul 19, 2019 at 3:02 AM Brian T. Huntley <bhuntley () clarkson edu<mailto:bhuntley () clarkson edu>> wrote: We've been running it on all domain-joined machines for a couple of years now. Rollout was a snap and it's been glitch-free (*knocks on head*). The only scenario we've had challenges with is when a machine ends up in some weird state where it think's it's fallen out of the domain but LAPS has nevertheless continued to roll over the password. I think it's happened twice. Our desktop folks chalked it up to yet another layer of badness on a machine that was probably already ripe for a re-image. Brian Brian T. Huntley, CISSP Director of Network Services and Information Security Office of Information Technology Clarkson University 315.268.6723 On Thu, Jul 18, 2019 at 8:18 AM Manjak, Martin <mmanjak () albany edu<mailto:mmanjak () albany edu>> wrote: Walter, We rolled it out this spring to central IT supported systems. That success enabled us to promote it to the two other domains that are part of our forest and they are adopting it as well. Next step is to inventory all the other accounts that are members of the local admin group and see what we can do to clean those up. Marty Manjak CISO University at Albany From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> On Behalf Of WALTER KERNER Sent: Wednesday, July 17, 2019 5:24 PM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: [SECURITY] Microsoft LAPS Hi all. I found a thread from 2 years ago asking about Microsoft LAPS for local admin control. Is anyone using it? How do you like it? Any other suggestions for admin password management? Thanks Walter Walter Kerner Assistant Vice President and CISO 212 217 3415 [blue and black logo two lines png]
Current thread:
- Re: Microsoft LAPS, (continued)
- Re: Microsoft LAPS Jonathan Andrew Wince (Jul 17)
- Re: Microsoft LAPS King, Ronald A. (Jul 17)
- Re: Microsoft LAPS Jonathan Andrew Wince (Jul 17)
- Re: Microsoft LAPS Richard Applebee (Jul 17)
- Re: Microsoft LAPS Joey Rego (Jul 17)
- Re: Microsoft LAPS Seth A. Shestack (Jul 18)
- Re: Microsoft LAPS Clark Gaylord (Jul 18)
- Re: Microsoft LAPS Joey Rego (Jul 18)
- Re: Microsoft LAPS Manjak, Martin (Jul 18)
- Re: Microsoft LAPS Brian T. Huntley (Jul 18)
- Re: Microsoft LAPS Harry Hoffman (Jul 18)
- Re: Microsoft LAPS McCrone, Kevin (Jul 19)
- Re: Microsoft LAPS Brian T. Huntley (Jul 18)
- Re: Microsoft LAPS Dave Broucek (Jul 19)