How to configure password for the local administrator account
Configuring a changing local administrator account password, also known as password rotation or password expiration, is beneficial for several reasons:
- Enhanced security: Regularly changing the password for the local administrator account reduces the risk of unauthorized access. Even if a password is compromised, it becomes useless after a certain period when it is changed. This practice minimizes the window of opportunity for attackers to gain access to the system using stolen or cracked passwords.
- Defense against password attacks: Many attackers use techniques like brute force attacks or dictionary attacks to guess or crack passwords. By regularly changing the local administrator password, you make it more difficult for attackers to succeed in their attempts. It forces them to start over and increases the complexity of their task.
- Personnel changes: In organizations where, multiple individuals have access to the local administrator account, such as IT departments or system administrators, password rotation becomes crucial during personnel changes. When an employee leaves the organization or changes roles, it is essential to change the local administrator account password to prevent unauthorized access by former employees or individuals who no longer require administrative privileges.
- Defense against insider threats: Insider threats pose a significant risk to organizations. Employees or individuals with legitimate access can misuse their privileges or become compromised. By rotating the local administrator password, you mitigate the risk of an insider threat maintaining persistent access to the system over an extended period.
It is important to balance password rotation with usability and user experience considerations. Frequently changing passwords can create frustration and potentially lead to the use of weak or easily guessable passwords. Therefore, organizations should establish reasonable password rotation periods and encourage the use of strong, unique passwords during password changes. Additionally, employing other security measures like multi-factor authentication further strengthens the security of the local administrator account.
Steps to configure password for the local administrator account.
Enable the policy
Fill in the description you want for the policy.
Click on the "manage local users & groups" button, to configure on which account the policy will enroll.
Set to ON the "Account management enabled".
Name = you can change the local Administrator name to any other name.
Fill in the full name and the description.
Chose random or manual password:
manual – here you can set the password for the account. click on the "set password" button and fill in the password in the fields.
random – eproc will set a random password for the account.
- To configure the properties of the random password, go to local accounts policy window and click on the "set password policy" button.
- Password complexity = set the Password complexity.
- Enforce
- Interval = set the time that eProc will change the password.
- On change:
when ON if a user changes the password, eProc will change the password immediately.
When OFF if a user changes the password, the password will change based on the interval.
- Offline password = if the options sets to ON, when the computer goes offline the password will reset to the offline password that you configure.
- Click Ok.
- Commit the changes.
to see the random password that eProc set, go to the control center.
Choose a computer and open the menu. Click on Commands from the menu and then on the "Manage accounts passwords", this will open a window with the random password for the local administrator account.
In the member of window, you can add or remove the user from groups.
Set alerts options – open the 'local accounts alerts' window where you can set what alerts should be created and sent to email.
Filter
whether the policy will enroll on all computers or on a specific computer/s by choosing the filter.
When you finish all the configuration, commit the changes.
For any additional information, please contact support@eprocsolutions.com