Enable local admin password managementID: oval:org.secpod.oval:def:40186 | Date: (C)2017-04-25 (M)2023-09-20 |
Class: COMPLIANCE | Family: windows |
Enables management of password for local administrator account. If you enable this setting, local administrator password is managed. If you disable or not configure this setting, local administrator password is NOT managed. Vulnerability: Disabling or not configuring this setting can compromise security as it may allow a malicious agent to reverse engineer a password that is not managed.Counter Measure: Enable this setting.Potential Impact: Local administrator passwords are changed as managed.Fix:(1) GPO: Computer Configuration\Administrative Templates\LAPS\Enable local admin password management(2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft Services\AdmPwd!AdmPwdEnabled
Platform: |
Microsoft Windows Server 2016 |