Jump to content
GuidoPinamonti

Randomize Local Admin Password

Recommended Posts

Can passwordstate's password reset be used as a Microsoft LAP replacement? Can the Windows local admin password be unique and randomized across the domain and be changed on a regular basis? If so, how can you view the password for a given host? Can this be extended to non-domain joined windows servers and Linux servers? What about servers in Azure?

Share this post


Link to post
Share on other sites

The things you're asking are the actual point of the product PasswordState :)

 

  • Yes every Windows-box can have its own, unique password.
  • PasswordState can discover AD-connected hosts for you.
  • On these AD-connected hosts, PasswordState can login and discover admin accounts for you.
  • Upon discovery, each account can be given a unique password.
  • The password for each account can be retrieved from the relevant user account object in PasswordState.
  • Yes you can also manage the admin/root accounts on non-AD connected hosts, however you will not be able to use the discovery tools. You'll have to either add them manually or by using a script through the API.

Not sure about Azure. :) I doubt that you want Powershell Remoting open on a box in the cloud. Perhaps someone else can weigh in on this topic.

Share this post


Link to post
Share on other sites
Quote

Yes every Windows-box can have its own, unique password.

 

But not on Linux boxes Buckit :) Okay, I'll leave that one alone now :)

 

Hi Guido, Buckit is absolutely correct. We have a 'Windows Local Admin Accounts; Discovery Job, which can be found under the Tools menu. There are a few prerequisites to using this feature, which are:

  • You must have added a domain Privileged Account Credential which has permissions to do PowerShell Remoting into your Hosts - you can add these in the Administration area
  • The following document also shows some requirements for this feature i.e. how to enable PowerShell Remoting on all Hosts if not already enabled - https://www.clickstudios.com.au/downloads/version8/Password_Discovery_Reset_and_Validation_Requirements.pdf
  • You must add in all your Host records into Passwordstate - this can be done in the top Hosts tab. There's also a Discovery Job there for them also
  • You must have a Password List created, with the 'Enable Password Resets' option selected, so the Discovery Job can add the accounts into
  • And then you can create the account Discovery Job

We hope this helps.

Regards

Click Studios

 

Share this post


Link to post
Share on other sites
57 minutes ago, support said:
Quote

Yes every Windows-box can have its own, unique password.

 

But not on Linux boxes Buckit :) Okay, I'll leave that one alone now :)

 

Hey now! I wasn't going on about Linux boxen thankyouverymuch, they were IoT-devices! My Linux boxen are just fine and dandy ;)

 

Sure, the IoT-devices also run Linux, but they're Special Little Snowflakes (tm).

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...