Show Article with tag "administration"

  In this Ask the Admin, I’ll discuss setting up Active Directory to support a secure tiered administrative model and Privileged Access Workstations (PAWs). At the end of last year, I wrote several posts on how to administer Active Directory securely. Some of the concepts in those articles might have been new to you, such as the clean source principle and tiered administration. If you need to recap those topics, see Managing Privileged Access to Active Directory, Why You Should Use Microsoft’s Active Directory Tier Administrative Model, and Secure Active Directory Using the Clean Source Principle on Petri. I also mentioned Privileged Access Workstations, which use a dedicated installation of […]

Local administrator accounts are commonly configured with the same password across all devices in corporate environments, making it easy for attackers to own every device if the password is compromised. Microsoft’s security baseline templates block remote use of local accounts because until Local Administrator Password Solution (LAPS) was released in 2015, there was no mechanism for securely managing local administrator accounts. LAPS is a free tool from Microsoft that randomizes local admin passwords every 30 days and stores them securely in Active Directory for each computer account. The risk posed by local administrator accounts can be managed by manually setting a random password on each device and then recording it […]