{"id":743,"date":"2016-07-06T06:19:50","date_gmt":"2016-07-06T04:19:50","guid":{"rendered":"https:\/\/www.em-soft.si\/myblog\/elvis\/?p=743"},"modified":"2016-07-06T06:19:50","modified_gmt":"2016-07-06T04:19:50","slug":"make-your-local-admin-account-more-secure","status":"publish","type":"post","link":"https:\/\/em-soft.si\/myblog\/elvis\/?p=743","title":{"rendered":"Make your Local Admin account more secure"},"content":{"rendered":"<p><span style=\"font-family: times new roman,times,serif; font-size: 12pt;\">It is about a year from when Microsoft released <strong>LAPS<\/strong> (<em>Local Administrator Password Solution<\/em>). This is a great tool for keeping your local admins under control and secure.<\/span><br \/>\n<span style=\"font-family: times new roman,times,serif; font-size: 12pt;\">As we know, a lot of local accounts have weak passwords and we don&#8217;t care about this. This\u2019s dangerous! Even if you have a weak local admin password, you can still break a PC with him. If you have the same password for local admins in entire environment, you can have a problem when someone knows this password\u2026 Thinking in this way, we have a lot of reasons why to use LAPS. And it is simple to install and use it; it is true that will extend AD schema, but don&#8217;t care about this \u2013 it is not critical.<\/span><br \/>\n<span style=\"font-family: times new roman,times,serif; font-size: 12pt;\"><strong>LAPS is downloadable<\/strong> from\u00a0<a href=\"https:\/\/www.microsoft.com\/en-us\/download\/details.aspx?id=46899\" target=\"_blank\">here<\/a> and it is <strong>FREE<\/strong>. <a href=\"https:\/\/flamingkeys.com\/2015\/05\/deploying-the-local-administrator-password-solution-part-1\/\" target=\"_blank\">Here<\/a> is also nice post how to install and configure it and this is all you need.<\/span><br \/>\n<span style=\"font-family: times new roman,times,serif; font-size: 12pt;\">The only problem that I had is enabling and renaming local admin account true <strong>GPO<\/strong>, but here is also a very easy trick:<\/span><br \/>\n<span style=\"font-family: times new roman,times,serif; font-size: 12pt;\">When I install client operating system thru MDT or System Center, I always disable admin account in the last step. It is more secure, but you can have problems if something goes wrong with computer relationship in domain. If you have the same situation, you have to enable Account in Group policy setting Computer <em>Configuration &gt; Polices &gt; Windows Settings &gt; Security Settings &gt; Local Polices &gt; Security Options<\/em> by enabling setting <em><strong>Accounts: Administrator Account Status<\/strong><\/em>. After doing this, it is suggested also to rename Administrator account. This could be done in the same place with setting <em><strong>Account: Rename Administrator account<\/strong> <\/em>or thru Group policy preferences.<\/span><\/p>\n<p><a href=\"https:\/\/em-soft.si\/myblog\/elvis\/?attachment_id=744\" rel=\"attachment wp-att-744\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-medium wp-image-744\" src=\"https:\/\/em-soft.si\/myblog\/elvis\/wp-content\/uploads\/2016\/07\/GPO_LocalAdmin-252x300.png\" alt=\"GPO_LocalAdmin\" width=\"252\" height=\"300\" srcset=\"https:\/\/em-soft.si\/myblog\/elvis\/wp-content\/uploads\/2016\/07\/GPO_LocalAdmin-252x300.png 252w, https:\/\/em-soft.si\/myblog\/elvis\/wp-content\/uploads\/2016\/07\/GPO_LocalAdmin.png 434w\" sizes=\"auto, (max-width: 252px) 100vw, 252px\" \/><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>It is about a year from when Microsoft released LAPS (Local Administrator Password Solution). This is a great tool for keeping your local admins under control and secure. As we know, a lot of local accounts have weak passwords and we don&#8217;t care about this. This\u2019s dangerous! Even if you have a weak local admin [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7,15],"tags":[17,40],"class_list":["post-743","post","type-post","status-publish","format-standard","hentry","category-management","category-windows-server","tag-essentials-server-2","tag-windows-server"],"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/em-soft.si\/myblog\/elvis\/index.php?rest_route=\/wp\/v2\/posts\/743","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/em-soft.si\/myblog\/elvis\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/em-soft.si\/myblog\/elvis\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/em-soft.si\/myblog\/elvis\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/em-soft.si\/myblog\/elvis\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=743"}],"version-history":[{"count":1,"href":"https:\/\/em-soft.si\/myblog\/elvis\/index.php?rest_route=\/wp\/v2\/posts\/743\/revisions"}],"predecessor-version":[{"id":745,"href":"https:\/\/em-soft.si\/myblog\/elvis\/index.php?rest_route=\/wp\/v2\/posts\/743\/revisions\/745"}],"wp:attachment":[{"href":"https:\/\/em-soft.si\/myblog\/elvis\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=743"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/em-soft.si\/myblog\/elvis\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=743"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/em-soft.si\/myblog\/elvis\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=743"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}