Q&A Remote managing endpoints with local admin credentials

Knuppel

New Member
Jan 25, 2021
4
So to prevent lateral movement I'm configuring serverless LAPS. Local admin passwords are reset every month, and our global local admin account is removed.
Now I want to remote manage a device. Tried with local credentials but no dice. I can open file explorer with these credentials. Opening services through mmc won't even let me choose credentials.

How do you guys remote manage endpoints whilst not using a global admin account?
 
  • Like
Reactions: Stopspying

Knuppel

New Member
Jan 25, 2021
4
The devil is in the details, of which you have left out many.

But, in a nutshell, you have to configure the local admin password on the remote machine every single time the password changes on the local machine. If you do not use the same machine every single time to manage the remote one, then before you can access that remote machine you will need direct access to update the credentials.
Ok just for reference, so we are talking about the same thing here.
The local admin password on the remote machine changes by itself every month, and I can look up this password in Azure Key Vault. I then want to use this password to connect to the remote machine, say through mmc.exe. Thanks for the Microsoft link, the group policies weren't implemented yet.
 
  • Like
Reactions: Stopspying
Top