We actually developed a utility that ran as a service to create a unique 
password for each machine and change it every day.  The algorithm factored in 
the name of the computer and the date when generating the password.

If we ever needed to use the password we had a corresponding tool that would 
calculate out what the password for a given machine was for the day.

We ran with that for at least 10 years or so, then about 2 years ago we just 
used Group Policy to disable all local accounts.

For a while we were thinking about LAPS, but opted for disabling the local 
accounts.

Mike
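
An added example, not part of the original message and not the utility it describes: one way to derive a per-machine, per-day password from the computer name and the date, with the same function serving as the lookup tool. The fleet-wide secret key, the HMAC-SHA256 construction, the character set and the name `derive_password` are assumptions; the message does not say how the original algorithm worked.

```python
import hashlib
import hmac
from datetime import date

# Assumed character set (67 symbols); look-alike characters are left out
# because the result is sometimes typed in by hand.
ALPHABET = ("ABCDEFGHJKLMNPQRSTUVWXYZ"
            "abcdefghijkmnopqrstuvwxyz"
            "23456789!#$%*+-=?@")

def derive_password(secret: bytes, computer_name: str, day: date,
                    length: int = 20) -> str:
    """Derive the local admin password for one machine on one day.

    Without the secret, anyone who learns the algorithm could compute every
    password from public inputs (name and date), so the key is mandatory.
    """
    if len(secret) < 32:
        raise ValueError("secret key must be at least 32 bytes")
    # Normalise the name so the service and the lookup tool agree on it.
    name = computer_name.strip().upper()
    msg = f"{name}|{day.isoformat()}".encode("utf-8")
    # Rejection sampling: discard bytes that would bias the modulo step.
    limit = 256 - (256 % len(ALPHABET))
    chars = []
    counter = 0
    while len(chars) < length:
        # HMAC in counter mode yields as many pseudorandom bytes as needed.
        block = hmac.new(secret, msg + counter.to_bytes(4, "big"),
                         hashlib.sha256).digest()
        for b in block:
            if b < limit and len(chars) < length:
                chars.append(ALPHABET[b % len(ALPHABET)])
        counter += 1
    return "".join(chars)

if __name__ == "__main__":
    # Constructed key and machine names, for demonstration only.
    demo_key = bytes(range(32))
    for host in ("PC-0142", "PC-0143"):
        print(host, derive_password(demo_key, host, date(2017, 4, 11)))
```

The key is the single point of failure in this design: whoever holds it can compute the password of any machine for any day, past or future, so it needs the same protection as a domain admin credential.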


From: [email protected] [mailto:[email protected]] On 
Behalf Of Burke, John
Sent: Tuesday, April 11, 2017 1:37 PM
To: [email protected]
Subject: [mssms] Opinions Local Admin

Hi,

We are talking about creating unique local admin passwords for our systems (vs 
changing it regularly).  I’m wondering how many folks actually create unique 
local admin passwords vs just changing it regularly?
