Looks like they've finally formalized an internal dev effort that's a couple of years old. It requires a schema extension, IIRC, which might be pose a problem for some.
It doesn't look like they've fixed the problem that the passwords, as stored in AD, are not encrypted. This becomes a problem only if permissions are accidentally/improperly granted for read access to the attributes. There is an alternative from SANS that doesn't require an AD schema extension, and keeps the passwords encrypted: http://cyber-defense.sans.org/blog/2013/08/01/reset-local-administrator-password-automatically-with-a-different-password-across-the-enterprise Kurt On Mon, May 4, 2015 at 6:27 AM, Kennedy, Jim <[email protected]> wrote: > Looks promising. Local Admin Password Solution. Generates them and stores > them in AD for you…. > > > > > > https://technet.microsoft.com/en-us/library/security/3062591.aspx > >
