What do you do for domain join issues, where local accounts are the only option?
Daniel Ratliff From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Marable, Mike Sent: Tuesday, April 11, 2017 2:15 PM To: mssms@lists.myitforum.com Subject: [mssms] RE: Opinions Local Admin We actually developed a utility that ran as a service to create a unique password for each machine and change it every day. The algorithm factored in the name of the computer and the date when generating the password. If we ever needed to use the password we had a corresponding tool that would calculate out what the password for a given machine was for the day. We ran with that for at least 10 years or so, then about 2 years ago we just used Group Policy to disable all local accounts. For a while we were thinking about LAPS, but opted for disabling the local accounts. Mike From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Burke, John Sent: Tuesday, April 11, 2017 1:37 PM To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com> Subject: [mssms] Opinions Local Admin Hi, We are talking about creating unique local admin passwords for our systems (vs changing it regularly). I’m wondering how many folks actually create unique local admin passwords vs just changing it regularly? ********************************************************** Electronic Mail is not secure, may not be read every day, and should not be used for urgent or sensitive issues The information transmitted is intended only for the person or entity to which it is addressed and may contain CONFIDENTIAL material. If you receive this material/information in error, please contact the sender and delete or destroy the material/information.
