LAPS vs PCI DSS

eC4ve 1 Reputation point
2021-06-29T20:00:05.957+00:00

I wanted to implement LAPS in my organization but it stores passwords in plaintext and I have to comply with PCI DSS requirements such as "Req. 8.2.1: Make all authentication information unreadable using strong encryption during transmission and storage on all system components."

I need to confirm if this will no put my compliance at risk.

Windows 10 Security
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,753 questions
Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,721 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Hannah Xiong 6,231 Reputation points
    2021-06-30T02:45:33.37+00:00

    Hello @eC4ve ,

    Thanks for posting here.

    Microsoft Local Administrator Password Solution (LAPS) is a Microsoft tool that gives AD administrators the ability to manage the local account password of domain-joined computers and store them in AD.

    Someone might be wondering whether the Administrator password storing in AD in plain text is secure.

    The ms-Mcs-AdmPwd attribute in AD is a confidential attribute protected by an Access Control List (ACL). Only users with permissions to view this attribute can view the password (that is, Domain Admins and anyone else they’ve delegated access to). Keeping the same local Administrator password across large groups of systems is a much bigger security risk.

    Best regards,
    Hannah Xiong