AD Local Admins without password sharing
Posted
by
Cocoabean
on Server Fault
See other posts from Server Fault
or by Cocoabean
Published on 2012-03-16T22:03:16Z
Indexed on
2012/03/19
10:07 UTC
Read the original article
Hit count: 204
active-directory
My team is building out an Active Directory environment in a small grad school with support for general computer labs, and staff/faculty machine and account management.
We have a team of student consultants that are hired to do general help desk work. As of now we have a local admin account on every machine. It has the same password and all of us know it. I know it's not best practice and I want to avoid this with the new setup. We want to have local admin accounts in case there are network issues that prevent AD authentication, but we do not want this account to be generic with a shared password. Is there a way we can get each machine to cache the necessary information to authenticate a group of local admins so that if AD is somehow inaccessible, student consultants can still login with their AD admin accounts?
© Server Fault or respective owner