The problem with computers that come straight from an OEM or setup by users themselves is that sometimes they leave the original Local Administrator Account Password Blank. When this PC joins a domain as most PC's in business' do , this blank password is left as an exploitable security rish which is how UK renowned British Hacker Gary McKinnon infiltrated Nasa
Not only can someone access your PC remotely they can also :
- Install a keylogger to get the Domain Users or Administrator Password
- Install Software to reverse engineer Cached Credentials
- Get immediiate access all the local FIles on the Computer
- Get Users Saved Browser Passwords
LAPs is a solution provided by Microsoft , that when installed has a tiny client rolled out on each PC, that gets told by Group Policy to generate a random password. The password gets changed every 30 days and is unique for each computer. Even if the computer disconnects the domain for what ever reason your local AD will still have a record for the password
LAPS is easy to deploy, easy to manage and provides several security benefits… and it’s free available below