Windows Best Practise

Security

  1. Manage local administrator

Local Administrator Password Solution (LAPS),The “Local Administrator Password Solution” (LAPS) provides management of local account passwords of domain joined computers. Passwords are stored in Active Directory (AD) and protected by ACL, so only eligible users can read it or request its reset. More details can be found here

The old solution which is to create a common localadmin in GPO then disable the built-in administrator account has been deprecated due to potential security risk.