Remember:
"Layered Security" is the common sense approach.
So, this is one additional layer
But , on the downside it makes Active Directory a more attractive Honey pot
Windows admins have long used a common local account with the same password on computers in the same domain. This provides attackers with a single point of failure to target; one password affords access to every machine. What the LAPS tool does is set a random password for the common local admin account on machines in the same domain, Microsoft said
Try the following link for more details:
https://technet.microsoft.com/en-us/library/security/3062591.aspx
No comments:
Post a Comment