Sunday, April 2, 2017

Local Administrator Password Solution (LAPS)

The solution automatically manages the local administrator password on domain-joined computers, so that the password is:
  • Unique on each managed computer
  • Randomly generated
  • Securely stored in the AD infrastructure
The solution is built on AD infrastructure alone, so there is no need to install and support other technologies. The solution itself is a Group Policy Client Side Extension that is installed on managed machines and performs all management tasks.
 
The core of the solution is a GPO Client Side Extension (CSE) that performs the following tasks during each GPO update:
  • Checks whether the password of the local Administrator account has expired
  • Generates a new password when the old one has expired or is required to be changed before expiration
  • Changes the password of the Administrator account
  • Reports the password to Active Directory, storing it in a confidential attribute of the computer account
  • Reports the next expiration time to Active Directory, storing it in a confidential attribute of the computer account
  • The password can then be read from AD by users who are authorized to do so
  • The password can be forced to change by eligible users
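As an added example (not code from the original post or from the LAPS project), the following PowerShell audit checks the two confidential attributes the CSE writes, ms-Mcs-AdmPwdExpirationTime and ms-Mcs-AdmPwd, from the administrator's side: it lists computers whose stored expiration time has already passed (the CSE has not run or has failed), and it lists which principals hold the extended right that allows reading the password. It assumes the AdmPwd.PS and ActiveDirectory modules are installed on the management workstation; the OU distinguished name is a placeholder.

```powershell
# Added example, not part of the original post or of LAPS itself.
# Assumes the AdmPwd.PS (LAPS management) and ActiveDirectory modules
# are available. $ou is a placeholder; replace it with your own OU.
Import-Module AdmPwd.PS
Import-Module ActiveDirectory

$ou = 'OU=Workstations,DC=example,DC=com'   # placeholder OU

# 1. Which managed computers are overdue?
#    The CSE stores the next expiration as a 64-bit FILETIME in
#    ms-Mcs-AdmPwdExpirationTime. A missing value means the CSE has
#    never reported for that computer; a value in the past means the
#    scheduled rotation did not happen.
$now = Get-Date
$report = Get-ADComputer -SearchBase $ou -Filter * -Properties 'ms-Mcs-AdmPwdExpirationTime' |
    ForEach-Object {
        $raw = $_.'ms-Mcs-AdmPwdExpirationTime'
        $expires = if ($raw) { [DateTime]::FromFileTimeUtc([int64]$raw).ToLocalTime() } else { $null }
        [PSCustomObject]@{
            Computer = $_.Name
            Expires  = $expires
            State    = if (-not $raw)                { 'NeverManaged' }
                       elseif ($expires -lt $now)    { 'Overdue' }
                       else                          { 'OK' }
        }
    }
$report | Sort-Object State, Computer | Format-Table -AutoSize

# 2. Who is allowed to read the confidential password attribute?
#    Find-AdmPwdExtendedRights reports principals holding "All extended
#    rights" on the OU, which is what grants read access to ms-Mcs-AdmPwd.
#    Anything unexpected in ExtendedRightHolders should be removed with
#    the usual ACL tooling before LAPS is considered deployed.
Find-AdmPwdExtendedRights -Identity $ou |
    Select-Object ObjectDN, ExtendedRightHolders | Format-List
```

Run it under an account that can read the expiration attribute (it is not confidential, unlike the password itself) and has read access to the OU's security descriptor; the script only reads, it never retrieves or resets a password.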
 

Architecture of the solution