Jump to content

Randomize Local Admin Password


GuidoPinamonti

Recommended Posts

Can passwordstate's password reset be used as a Microsoft LAP replacement? Can the Windows local admin password be unique and randomized across the domain and be changed on a regular basis? If so, how can you view the password for a given host? Can this be extended to non-domain joined windows servers and Linux servers? What about servers in Azure?

Link to comment
Share on other sites

The things you're asking are the actual point of the product PasswordState :)

 

  • Yes every Windows-box can have its own, unique password.
  • PasswordState can discover AD-connected hosts for you.
  • On these AD-connected hosts, PasswordState can login and discover admin accounts for you.
  • Upon discovery, each account can be given a unique password.
  • The password for each account can be retrieved from the relevant user account object in PasswordState.
  • Yes you can also manage the admin/root accounts on non-AD connected hosts, however you will not be able to use the discovery tools. You'll have to either add them manually or by using a script through the API.

Not sure about Azure. :) I doubt that you want Powershell Remoting open on a box in the cloud. Perhaps someone else can weigh in on this topic.

Link to comment
Share on other sites

Quote

Yes every Windows-box can have its own, unique password.

 

But not on Linux boxes Buckit :) Okay, I'll leave that one alone now :)

 

Hi Guido, Buckit is absolutely correct. We have a 'Windows Local Admin Accounts; Discovery Job, which can be found under the Tools menu. There are a few prerequisites to using this feature, which are:

  • You must have added a domain Privileged Account Credential which has permissions to do PowerShell Remoting into your Hosts - you can add these in the Administration area
  • The following document also shows some requirements for this feature i.e. how to enable PowerShell Remoting on all Hosts if not already enabled - https://www.clickstudios.com.au/downloads/version8/Password_Discovery_Reset_and_Validation_Requirements.pdf
  • You must add in all your Host records into Passwordstate - this can be done in the top Hosts tab. There's also a Discovery Job there for them also
  • You must have a Password List created, with the 'Enable Password Resets' option selected, so the Discovery Job can add the accounts into
  • And then you can create the account Discovery Job

We hope this helps.

Regards

Click Studios

 

Link to comment
Share on other sites

57 minutes ago, support said:
Quote

Yes every Windows-box can have its own, unique password.

 

But not on Linux boxes Buckit :) Okay, I'll leave that one alone now :)

 

Hey now! I wasn't going on about Linux boxen thankyouverymuch, they were IoT-devices! My Linux boxen are just fine and dandy ;)

 

Sure, the IoT-devices also run Linux, but they're Special Little Snowflakes (tm).

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...