
Local Administrator Password Solution aims to stop credential replay

Microsoft has released its Local Administrator Password Solution, which manages the common local administrator account across all domain-joined computers, in hopes that it will decrease pass-the-hash attacks.

Microsoft has released a tool for creating a common administrator login account for all domain-joined computers in an effort to reduce credential replay attacks.

Microsoft's Local Administrator Password Solution (LAPS) aims to stop the practice of using identical passwords for each computer by setting a random password for the common local administrator account on each computer in the domain. Domain administrators can then determine which users are given access to read the passwords.

Microsoft said that this tool should mitigate instances where compromised local account credentials can be used to elevate privileges and escalate an attack. Additionally, the tool should reduce the risk of a pass-the-hash credential replay attack in larger environments where local administrator credentials are needed for login without domain access.

The LAPS tool is designed to automatically manage local administrator account passwords on domain-joined computers. The passwords for each machine will be randomly generated and stored in Microsoft's Active Directory infrastructure, in a confidential attribute.
