GoShen Posted November 30 Posted November 30 Hi all. Had a question regarding the windows 10 built in local admin account. Currently, i am logging into the golden image with this account when making changes along with OSOT. After I have it uploaded and i sign into the VDI, I notice how the admin account is enabled but has the same password as the golden image. Is there a best practice on how to secure this account? Is it renaming it? I tried disabling it with GPO but it tells me it can't do that since its the only admin account. THank you
Solution Dominik Posted November 30 Solution Posted November 30 Hi @GoShen, you can use LAPS for automatically change local admin password. https://learn.microsoft.com/pl-pl/defender-for-identity/security-assessment-laps Dominik Jakubowski EUC Expert | vExpert ⭐️⭐️⭐️ VDI Ninja https://vdesktop.ninja
GoShen Posted November 30 Author Posted November 30 Thanks. is there a guide on how to set that up just for vdi?
Dominik Posted November 30 Posted November 30 The configuration for vdi is no different from that for regular computers. Dominik Jakubowski EUC Expert | vExpert ⭐️⭐️⭐️ VDI Ninja https://vdesktop.ninja
StephenWagner7 Posted November 30 Posted November 30 (edited) 6 hours ago, GoShen said: Hi all. Had a question regarding the windows 10 built in local admin account. Currently, i am logging into the golden image with this account when making changes along with OSOT. After I have it uploaded and i sign into the VDI, I notice how the admin account is enabled but has the same password as the golden image. Is there a best practice on how to secure this account? Is it renaming it? I tried disabling it with GPO but it tells me it can't do that since its the only admin account. THank you If you follow the TechZone guide on image creation, the GPO they instruct you to create will disable the local administrator. This occurs during ClonePrep when the VM and snapshot is ingested in to Horizon, domain joined, and GPOs load. If you haven't seen that document, I recommend you read it: https://techzone.omnissa.com/resource/manually-creating-optimized-windows-images-horizon-vms While in most cases admin will never be required on a provisioned Instant Clone, you'll still be able to log in as administrator using any domain accounts, or any accounts that have administrator privs on the OU that the Instant Clones reside in. Edited November 30 by StephenWagner7 1 Stephen Wagner (President, Digitally Accurate Inc.) VMware vExpert (vExpert Pro, vSphere, vSAN Awards), Omnissa Tech Insider, NVIDIA NGCA Advisor, VMUG Leader, and Director (Board of Directors) at World of EUC Check out my Tech Blog: https://www.StephenWagner.com
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now