OK, so the quote is not exactly correct.
When dealing with a large network, you will often run into a problem with local admin access to a desktop. That is, the normal routine is to disable such accounts (a good idea) and use some sort of network-based desktop admin account. That works, so long as the machine is authenticating to the network. What happens when that fails?
Many organizations set a password for a local admin account that can be computed per-device off of the asset tag. Which is great, but what happens when a team member leaves the IT dept? Do you change the way it's computed and then change all those local passwords? What happens if you miss one? How about when you have one person leave per month for three months?
Well, there is an answer. It's not perfect but it's pretty damn good. It's SHIPS.
SHIPS stands for Shared Host Integrated Password System, which tells you someone really wanted the acronym to spell ships. SHIPS is a system that automatically changes local admin passwords on Mac, Windows and Linux. It keeps track of current and past passwords, changes them regularly, keeps track of who checked them out and allows for full accountability.
It's the free Thycotic for the local admin accounts.
It's a great tool and an excellent addition to the IT Security toolbox.
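To make the contrast between the asset-tag formula and a rotating password store concrete, here is an added example (not SHIPS code and not from the original post). The HMAC formula, `FORMULA_SECRET`, the `RotatingStore` class and the asset tags are all assumptions constructed for illustration.

```python
import hashlib, hmac, secrets, string
from datetime import datetime, timezone

# Scheme from the post: local admin password computed from the asset tag.
# The secret and the HMAC construction are assumptions for illustration.
FORMULA_SECRET = b"constructed-example-secret"

def derived_password(asset_tag, secret=FORMULA_SECRET):
    return hmac.new(secret, asset_tag.encode(), hashlib.sha256).hexdigest()[:16]

ALPHABET = string.ascii_letters + string.digits

class RotatingStore:
    """Hypothetical model: random per-host passwords, history, checkout log."""
    def __init__(self):
        self.history = {}   # host -> list of passwords, newest last
        self.audit = []     # (timestamp, user, host, action)

    def _log(self, user, host, action):
        self.audit.append((datetime.now(timezone.utc), user, host, action))

    def rotate(self, host, actor="scheduler"):
        pw = "".join(secrets.choice(ALPHABET) for _ in range(20))
        self.history.setdefault(host, []).append(pw)
        self._log(actor, host, "rotate")
        return pw

    def checkout(self, user, host):
        self._log(user, host, "checkout")
        return self.history[host][-1]

    def offboard(self, user):
        """Rotate only the hosts whose password this user checked out."""
        hosts = sorted({h for _, u, h, a in self.audit
                        if u == user and a == "checkout"})
        for h in hosts:
            self.rotate(h, actor="offboarding")
        return hosts

def demo():
    tags = ["AT-1001", "AT-1002", "AT-1003"]  # constructed asset tags
    # Derived scheme: anyone who remembers the formula recomputes every password.
    known_to_leaver = {t: derived_password(t) for t in tags}
    store = RotatingStore()
    for t in tags:
        store.rotate(t)
    seen = store.checkout("alice", "AT-1002")
    rotated = store.offboard("alice")  # audit log limits the blast radius
    return known_to_leaver, seen, rotated, store
```

With the formula, a departure means re-keying every device; with the store, the audit log names the single host whose password has to change.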
(the install manual is here)