Tag Archive: LAPSDelegation

Jan 27

Active Directory Recon Without Admin Rights

A fact that is often forgotten (or misunderstood), is that most objects and their attributes can be viewed (read) by authenticated users (most often, domain users). The challenge is that admins may think that since this data is most easily accessible via admin tools such as “Active Directory User and Computers” (dsa.msc) or “Active Directory …

Continue reading »

Sep 15

Microsoft Local Administrator Password Solution (LAPS)

The Issue The real problem with local accounts on a computer in an enterprise environment is that the term “local” is a misnomer. If 50 computers on a network have the local administrator account of “Administrator” and a password of “P@55w0rd1!”, first of all that’s a HORRIBLE password. Second of all and more to the …

Continue reading »