Name of administrator account to manageID: oval:org.secpod.oval:def:35112 | Date: (C)2016-06-10 (M)2023-12-13 |
Class: COMPLIANCE | Family: windows |
Administrator account name: name of the local account you want to manage password for.
DO NOT configure when you use built-in admin account. Built-in admin account is auto-detected by well-known SID, even when renamed
DO configure when you use custom local admin account
Counter Measure:
Enable this setting and add the list of local administrators to the list.
Potential Impact:
Local administrator passwords are changed as managed.
Fix:
(1) GPO: Computer Configuration\Administrative Templates\LAPS\Name of administrator account to manage
(2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft Services\AdmPwd!AdminAccountName
Platform: |
Microsoft Windows 10 |