I'm looking for a way to create local 'break glass' admin accounts on each computer in my network. Ever since the MS14-025 update, I can't distribute local admin accounts through Group Policy like I used to. This means I'll have to manually create them on every single machine. I want to ensure that if the network goes down, someone can still log in as an administrator. What are the best practices for doing this?
3 Answers
Have you looked into LAPS (Local Administrator Password Solution)? It's a great way to manage local admin passwords on systems securely. If you set it up right, you won't need to worry about manually creating accounts across all machines.
You definitely want to check out LAPS, especially with the new Azure Windows LAPS. It allows you to manage admin accounts more effectively, even when devices aren’t connected to the network.
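An added example for the LAPS approach suggested in the two answers above (not code from any of the posters): a per-machine script, pushed through a startup script or MDM, that creates the break-glass account with a random throwaway password so no credential is ever distributed, then hands the password over to Windows LAPS. The account name `bg-admin` is hypothetical, and the script assumes a Windows LAPS policy that names the same account as its managed account is already deployed.

```powershell
#Requires -RunAsAdministrator
# Added example. 'bg-admin' is a hypothetical name; it must match the managed
# account name configured in your Windows LAPS policy (assumed to exist already).
$AccountName = 'bg-admin'

function New-ThrowawayPassword {
    # 24 random bytes -> 32 Base64 characters. The value is never stored or
    # logged; it only exists so the account can be created before LAPS
    # takes over the password.
    $bytes = New-Object byte[] 24
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
    ConvertTo-SecureString -String ([Convert]::ToBase64String($bytes)) -AsPlainText -Force
}

# Create the account only if it is missing, so the script is safe to re-run.
if (-not (Get-LocalUser -Name $AccountName -ErrorAction SilentlyContinue)) {
    New-LocalUser -Name $AccountName -Password (New-ThrowawayPassword) `
        -Description 'Break-glass local admin, password managed by LAPS' | Out-Null
}

# Address the built-in Administrators group by its well-known SID so the
# script works regardless of the OS display language.
$AdminsSid = 'S-1-5-32-544'
$isMember = Get-LocalGroupMember -SID $AdminsSid |
    Where-Object { $_.Name -like "*\$AccountName" }
if (-not $isMember) {
    Add-LocalGroupMember -SID $AdminsSid -Member $AccountName
}

# Process the LAPS policy now instead of waiting for the next cycle.
if (Get-Command Invoke-LapsPolicyProcessing -ErrorAction SilentlyContinue) {
    Invoke-LapsPolicyProcessing
} else {
    Write-Warning 'Windows LAPS cmdlets not found; the account still has its throwaway password.'
}
```

With the Active Directory backend, an authorized admin can then read the current password with `Get-LapsADPassword -Identity <computer> -AsPlainText`.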
If you're not into LAPS, consider using an IPsec VPN that allows pre-login authentication. Pair it with an MDM solution that supports remote PowerShell for administration tasks.