Local Administrator Password Solution (LAPS)
The solution automatically manages the local administrator password on domain-joined computers, so that the password is:

- Unique on each managed computer
- Randomly generated
- Securely stored in AD infrastructure

The solution is built upon just AD infrastructure, so there is no need to install and support other technologies. The solution itself is a Group Policy Client Side Extension that is installed on managed machines and performs all management tasks.

The core of the solution is a GPO Client Side Extension (CSE) that performs the following tasks during GPO update:

- Checks whether the password of the local Administrator account has expired or not
- Generates a new password when the old password has expired or is required to be changed prior to expiration
- Changes the password of the Administrator account
- Reports the password to Active Directory, storing it in a confidential attribute with the computer account in AD
- Reports the next expiration time to Active Directory, storing...
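
Because the CSE reports the next expiration time to the computer account, a defender can spot machines where rotation has stalled by reading that timestamp. The following is an added example, not part of the original page or of the LAPS tooling: the attribute name ms-Mcs-AdmPwdExpirationTime comes from the LAPS schema extension and is not named on this page, and the function name, grace period and sample hosts are hypothetical.

```powershell
# Added example: classify computers by the LAPS expiration timestamp stored in AD.
# The attribute holds a Windows FILETIME (100 ns ticks since 1601-01-01, UTC).
function Get-LapsExpiryStatus {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Computer,
        [DateTime] $Now = [DateTime]::UtcNow,
        [int] $GraceDays = 2   # assumption: tolerate machines that are briefly offline
    )
    process {
        $raw = $Computer.'ms-Mcs-AdmPwdExpirationTime'
        if ($null -eq $raw) {
            # The CSE never reported an expiration: not installed or not in policy scope.
            $expires = $null
            $status  = 'NoExpirySet'
        } else {
            $expires = [DateTime]::FromFileTimeUtc([int64]$raw)
            if     ($expires -gt $Now)                      { $status = 'Current' }
            elseif ($expires -gt $Now.AddDays(-$GraceDays)) { $status = 'DueForChange' }
            else                                            { $status = 'Overdue' }
        }
        [pscustomobject]@{ Name = $Computer.Name; Expires = $expires; Status = $status }
    }
}

# Constructed sample records standing in for Get-ADComputer output.
$refTime = [DateTime]::new(2024, 6, 1, 0, 0, 0, [DateTimeKind]::Utc)
$sample = @(
    [pscustomobject]@{ Name = 'WS-001'; 'ms-Mcs-AdmPwdExpirationTime' = $refTime.AddDays(12).ToFileTimeUtc() }
    [pscustomobject]@{ Name = 'WS-002'; 'ms-Mcs-AdmPwdExpirationTime' = $refTime.AddDays(-1).ToFileTimeUtc() }
    [pscustomobject]@{ Name = 'WS-003'; 'ms-Mcs-AdmPwdExpirationTime' = $refTime.AddDays(-45).ToFileTimeUtc() }
    [pscustomobject]@{ Name = 'WS-004' }   # no attribute value at all
)
$sample | Get-LapsExpiryStatus -Now $refTime | Format-Table -AutoSize

# Against a live domain (needs the ActiveDirectory module and read access to the attribute):
# Get-ADComputer -Filter * -Properties 'ms-Mcs-AdmPwdExpirationTime' | Get-LapsExpiryStatus
```

Machines reported as Overdue or NoExpirySet are the ones to investigate, since their local Administrator password is either stale or was never placed under management.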