CCE-99485-5Platform: cpe:/o:microsoft:windows_server_2016 | Date: (C)2023-09-08 (M)2023-10-13 |
Local Administrator Password Solution (LAPS) tool is free and supported software that allows an organization to automatically set randomized and unique local Administrator account passwords on domain-attached workstations and member servers. The passwords are stored in a confidential attribute of the domain computer account and can be retrieved from Active Directory by approved Sysadmins when needed.
The LAPS tool requires a small Active Directory Schema update in order to implement, as well as installation of a Group Policy Client Side Extension (CSE) on targeted computers.
Please see the LAPS documentation for details.
LAPS supports Windows Vista or newer workstation OSes, and Server 2003 or newer server OSes. LAPS does not support standalone computers - they must be joined to a domain.
Note: Organizations that utilize 3rd-party commercial software to manage unique and complex local Administrator passwords on domain members may opt to disregard these LAPS recommendations.
Fix:
(2) REG: HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonGPExtensions{D76B9641-3288-4f75-942D-087DE603E3EA}!DllName
Parameter:
[yes/no]
Technical Mechanism:
(2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{D76B9641-3288-4f75-942D-087DE603E3EA}!DllName
CCSS Severity: | CCSS Metrics: |
CCSS Score : 8.8 | Attack Vector: LOCAL |
Exploit Score: 2.0 | Attack Complexity: LOW |
Impact Score: 6.0 | Privileges Required: LOW |
Severity: HIGH | User Interaction: NONE |
Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | Scope: CHANGED |
| Confidentiality: HIGH |
| Integrity: HIGH |
| Availability: HIGH |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:92721 |