{"id":127,"date":"2021-12-06T17:12:02","date_gmt":"2021-12-06T17:12:02","guid":{"rendered":"https:\/\/12stick.de\/?page_id=127"},"modified":"2021-12-10T18:32:14","modified_gmt":"2021-12-10T18:32:14","slug":"what-about-using-laps","status":"publish","type":"page","link":"https:\/\/www.12beAdmin.com\/?page_id=127","title":{"rendered":"What about using LAPS?"},"content":{"rendered":"\n<p><strong>You should have both!<\/strong>&nbsp;If you are running&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/www.microsoft.com\/en-us\/download\/details.aspx?id=46899\" target=\"_blank\">LAPS (Local Admin Password Solution)<\/a>&nbsp;from Microsoft, you already have a individual password for one local administrative Account on each machine. This can be the origin Administrator with the RID 500 or a custom one. This Account&nbsp;<strong>can not<\/strong>&nbsp;be easily managed centrally by AD. Account Expiration, Enable\/Disable Account on demand, Change Password etc is handled by the local machine (SAM), which is possibly firewalled or not reachable by RPC.<\/p>\n\n\n\n<p><strong>Advantage:<\/strong>&nbsp;The local account can be used offline without connection to the AD. There are many usecases for using the local adminaccount.<\/p>\n\n\n\n<p><strong>Disadvantage:<\/strong>\u00a0The local account can not be controlled from AD. Sometimes you need access to your network to install software or get content or read\/write ressources from your network in general. The AD user can be handled like any other user. You can assign NTFS permissions, integrate it into existing groups etc.<\/p>\n\n\n\n<p><strong>Benefit of AD Users and Groups:<\/strong>&nbsp;You can use the&nbsp;<em>computername-admins<\/em>&nbsp;group to permanently gain administrative rights on an indivudual machine. Aswell, you can create personal user accounts for your Administrators and handle them like the&nbsp;<em>computername-admin<\/em>. Enable it on demand, add an expiration, probably keep the password<\/p>\n","protected":false},"excerpt":{"rendered":"<p>You should have both!&nbsp;If you are running&nbsp;LAPS (Local Admin Password Solution)&nbsp;from Microsoft, you already have a individual password for one local administrative Account on each machine. This can be the origin Administrator with the RID 500 or a custom one. This Account&nbsp;can not&nbsp;be easily managed centrally by AD. Account Expiration, Enable\/Disable Account on demand, Change &#8230; <a title=\"What about using LAPS?\" class=\"read-more\" href=\"https:\/\/www.12beAdmin.com\/?page_id=127\" aria-label=\"Mehr Informationen \u00fcber What about using LAPS?\">Weiterlesen<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-127","page","type-page","status-publish"],"_links":{"self":[{"href":"https:\/\/www.12beAdmin.com\/index.php?rest_route=\/wp\/v2\/pages\/127","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.12beAdmin.com\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.12beAdmin.com\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.12beAdmin.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.12beAdmin.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=127"}],"version-history":[{"count":6,"href":"https:\/\/www.12beAdmin.com\/index.php?rest_route=\/wp\/v2\/pages\/127\/revisions"}],"predecessor-version":[{"id":224,"href":"https:\/\/www.12beAdmin.com\/index.php?rest_route=\/wp\/v2\/pages\/127\/revisions\/224"}],"wp:attachment":[{"href":"https:\/\/www.12beAdmin.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=127"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}