vGeek: Local Administrator Password Solution (LAPS)

Microsoft offers a tool called LAPS (Local Administrator Password Solution) that solves the problem of a common local administrator account password shared across every computer in a domain. With LAPS, the Administrator password on each domain-joined computer is unique, and only Domain Admins or specific groups are authorized to view that password. LAPS only works on domain-joined computers. Below are some advantages of using LAPS.

  • Periodically randomize local administrator passwords, and ensure that the password update to Active Directory succeeds before modifying local secrets and passwords.

  • Centrally store secrets in the existing Active Directory infrastructure.

  • Control access through Active Directory access control list (ACL) permissions.

  • Transmit passwords from computers to Active Directory in encrypted form, using the Kerberos version 5 protocol and the Advanced Encryption Standard (AES) cipher by default.
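The ACL and periodic-randomization points above can be checked from the defender's side. The following is an added example, not code from the original page or from Microsoft: it assumes the legacy LAPS `AdmPwd.PS` module and the `ms-Mcs-AdmPwdExpirationTime` attribute (neither is named on this page), and the function names, OU, group and computer names are hypothetical, constructed samples.

```powershell
# Added example: audit who can read LAPS passwords and whether rotation is happening.
# Input shapes mirror Find-AdmPwdExtendedRights output and Get-ADComputer properties.

function Find-UnexpectedLapsReader {
    # Flags any principal holding the password-read right that is not allow-listed.
    param(
        [Parameter(ValueFromPipeline)] $Right,    # object with ObjectDN, ExtendedRightHolders
        [string[]] $Allowed
    )
    process {
        foreach ($holder in $Right.ExtendedRightHolders) {
            if ($Allowed -notcontains $holder) {
                [pscustomobject]@{ ObjectDN = $Right.ObjectDN; Principal = $holder }
            }
        }
    }
}

function Find-StaleLapsPassword {
    # Flags computers with no stored expiration, or one already in the past
    # (the client has not rotated its password on schedule).
    param(
        [Parameter(ValueFromPipeline)] $Computer, # object with Name and the expiration attribute
        [datetime] $Now = (Get-Date)
    )
    process {
        $raw = $Computer.'ms-Mcs-AdmPwdExpirationTime'
        if (-not $raw) {
            [pscustomobject]@{ Name = $Computer.Name; Issue = 'No LAPS password stored' }
        } elseif ([datetime]::FromFileTimeUtc([int64]$raw) -lt $Now.ToUniversalTime()) {
            [pscustomobject]@{ Name = $Computer.Name; Issue = 'Password past expiration' }
        }
    }
}

# Constructed sample data. In a domain, feed the functions from
#   Find-AdmPwdExtendedRights -Identity <OU>
#   Get-ADComputer -Filter * -Properties 'ms-Mcs-AdmPwdExpirationTime'
$rights = [pscustomobject]@{
    ObjectDN             = 'OU=Workstations,DC=example,DC=test'
    ExtendedRightHolders = @('NT AUTHORITY\SYSTEM', 'EXAMPLE\Domain Admins', 'EXAMPLE\Helpdesk-Tier1')
}
$computers = @(
    [pscustomobject]@{ Name = 'WS01'; 'ms-Mcs-AdmPwdExpirationTime' = (Get-Date).AddDays(20).ToFileTimeUtc() }
    [pscustomobject]@{ Name = 'WS02'; 'ms-Mcs-AdmPwdExpirationTime' = (Get-Date).AddDays(-45).ToFileTimeUtc() }
    [pscustomobject]@{ Name = 'WS03'; 'ms-Mcs-AdmPwdExpirationTime' = $null }
)
$rights    | Find-UnexpectedLapsReader -Allowed 'NT AUTHORITY\SYSTEM', 'EXAMPLE\Domain Admins' | Format-Table
$computers | Find-StaleLapsPassword | Format-Table
```

With the sample data, the first check reports `EXAMPLE\Helpdesk-Tier1` as an unexpected reader and the second reports WS02 and WS03.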

Source: vGeek: Local Administrator Password Solution (LAPS)
