December 27, 2023

Local Administrators

Securing every layer of your network and devices is daunting, and an important part of a defense-in-depth strategy is controlling the Local Administrator accounts on your servers and computers. The Local Administrator account is built into Windows, and organizations often use the same password for every local admin on all devices (computers and servers). This can be a significant risk because these accounts have elevated privileges and can perform activities such as:

  • Install software,
  • Disable antivirus,
  • Change hardware configurations,
  • Encrypt hard drive boot records,
  • Disable backup agents,
  • Delete or change event logging, and more…

There are multiple ways to control or restrict local administrator privileges, including disabling all local admins and/or implementing third-party endpoint privilege managers. For organizations that want to easily control and change local admin passwords, the Windows LAPS (Local Administrator Password Solution) tool is a free and supported solution. When implemented, Windows LAPS works with either Microsoft Entra or Active Directory to manage local admin account passwords. The primary benefits of Windows LAPS include:

  • Dynamic password management – LAPS can automatically update and change passwords at regular intervals.
  • Centralized management and control – From a centralized management console, admins can use Windows LAPS to define specific users and groups to have access to local admin passwords.
  • Audit trail – Windows LAPS provides forensic data in the event of an incident.
  • Compliance – Windows LAPS can help you meet various regulatory requirements.

Overall, organizations should examine their use of all local accounts on Microsoft Entra joined or Windows Server Active Directory-joined devices. You should examine reports on all the local user accounts and their properties and manage the privileges for those accounts to reduce your cybersecurity risks. Managing the Local Administrator account passwords can be one of the first steps towards mitigating the risks and increasing your control.
Some helpful resources include https://learn.microsoft.com/en-us/windows-server/identity/laps/laps-overview and https://learn.microsoft.com/en-us/windows/security/identity-protection/access-control/local-accounts
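
One way to produce the local account report described above for a single device, as an added example that is not part of the original article. It uses the built-in Microsoft.PowerShell.LocalAccounts cmdlets; the 30-day threshold and the CSV file name are assumptions chosen for illustration.

```powershell
# Added example: local account report for one Windows device.
# Run in an elevated Windows PowerShell 5.1+ session.
$MaxPasswordAgeDays = 30   # assumed review threshold, not a value from the article

# The local Administrators group always has the well-known SID S-1-5-32-544,
# whatever the display language of the OS.
try {
    $adminMembers = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop)
} catch {
    # Enumeration can fail, for example when the group holds unresolvable SIDs.
    Write-Warning "Could not enumerate Administrators: $($_.Exception.Message)"
    $adminMembers = @()
}
$adminSids = @($adminMembers | ForEach-Object { $_.SID.Value })

$report = Get-LocalUser | ForEach-Object {
    # PasswordLastSet is empty for accounts that never had a password set.
    $ageDays = if ($_.PasswordLastSet) {
        [int]((Get-Date) - $_.PasswordLastSet).TotalDays
    } else { $null }

    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        Name            = $_.Name
        # The built-in Administrator keeps RID 500 even after a rename.
        BuiltInAdmin    = $_.SID.Value -match '-500$'
        IsLocalAdmin    = $adminSids -contains $_.SID.Value
        Enabled         = $_.Enabled
        PasswordAgeDays = $ageDays
        LastLogon       = $_.LastLogon
    }
}

# Enabled local admins whose password is older than the threshold or was never set
$report | Where-Object { $_.Enabled -and $_.IsLocalAdmin -and
        ($null -eq $_.PasswordAgeDays -or $_.PasswordAgeDays -gt $MaxPasswordAgeDays) } |
    Format-Table -AutoSize

# Domain or Entra principals that also hold local administrator rights
$adminMembers | Where-Object { $_.PrincipalSource -ne 'Local' } |
    Select-Object Name, ObjectClass, PrincipalSource | Format-Table -AutoSize

# Full report for central collection and comparison across devices
$report | Export-Csv -Path ".\local-accounts-$env:COMPUTERNAME.csv" -NoTypeInformation
```

On a device where Windows LAPS rotates the managed account, that account's PasswordAgeDays should stay within the configured rotation interval; a much larger value is worth investigating.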


Authored by: David McCabe, MBA, ISC2 CC
