ActiveDir] GP Preference - Local Admin Passwords

  • 85 Views
  • Last Post 20 January 2016
rwf4 posted this 20 January 2016

> How do you manage local admin passwords?

Enterprise vaulting solution.

 

Password vaulting solutions such as BeyondTrust, Dell or CyberArk are a viable option. No one, not even Domain Admins, ever need know the passwords.



 

You can corral all privileged accounts, not just the 500 and audit them much more comprehensively than just LAPS could...albeit at a price for the commercial

solutions. There are also low cost and OSS options.

 

It’s also a good time to be thinking about cohesive privilege management to constrain lateral movement and privilege escalation within your environment. Some

of the commercial solutions address it holistically.

 

There are a plethora of available solutions.  Suggested search term “enterprise password vault” and “privileged access management “ for starters.



 

https://en.wikipedia.org/wiki/Passwordmanagement#Privilegedpasswordmanagement

https://en.wikipedia.org/wiki/PrivilegedIdentityManagement

 

 

 

 

show

patrickg posted this 20 January 2016

+1

 

Only downside is cost.

 

For smaller shops, take a look at KeePass (www.keepass.info). Not nearly as nice as some of the vaulting solutions but significantly cheaper.

 

 

~Patrick

 

show

Close