News Stay informed about the latest enterprise technology news and product updates.

Local Administrator Password Solution aims to stop credential replay

Microsoft has released its Local Administrator Password Solution for a common admin login account across all domain-joined computers in hopes that it will decrease pass-the-hash attacks.

Microsoft has released a tool for creating a common administrator login account for all domain-joined computers...

in an effort to reduce credential replay attacks.

Microsoft's Local Administrator Password Solution (LAPS) aims to stop the practice of using identical passwords for each computer by setting a random password for the common local administrator account on each computer in the domain. Domain administrators can then determine which users are given access to read the passwords.

Microsoft said that this tool should mitigate instances where compromised local account credentials can be used to elevate privileges and escalate an attack. Additionally, the tool should reduce the risk of a pass-the-hash credential replay attack in larger environments where local administrator credentials are needed for login without domain access.

The LAPS tool is designed to automatically manage local administrator account passwords on domain-joined computers. The passwords for each machine will be randomly generated and stored in Microsoft's Active Directory infrastructure, in a confidential attribute.

Next Steps

Learn how to stop pass-the-hash attacks on Windows 8.1 and Windows Server 2012.

Dig Deeper on Active Directory security

PRO+

Content

Find more PRO+ content and other member only offers, here.

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Do you think the Microsoft LAPS tool will increase security for domain-joined computers?
Cancel

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly.com

Close