Introduction
Effective management of locally defined user accounts and group memberships is required to address common enterprise problems. As part of any Windows-based system deployment or client management task, enterprises need to secure accounts that possess local administrative rights to the host. Usually large enterprises define a single, static password for use across thousands of computers. Given the ease by which even complex passwords can be compromised, the disclosure of passwords can jeopardize the security of an entire enterprise.
...
- Gain visibility and control over users and groups. Install the Local Security Agent on your managed computers, allowing the Local User Security Solution to obtain local user and group inventory. It also lets you implement random password generation.
- Create Provisioned Users for local accounts you want to manage and prevent from making configuration changes or interfering with system security.
- Create Provisioned Groups to represent groups of local accounts you want to manage collectively. By provisioning groups, ensure that unauthorized users are not maliciously or mistakenly added to administrative group accounts.
- Create a Local User/Group Provisioning Policy local user or group provisioning policy and add the provisioned users and groups you want. When this policy is activated selected users and groups are provisioned and ready to manage.
- Randomize and cycle passwords. The Random Password random password policy lets you generate random passwords automatically, in a schedule, for a defined collection.
- Detect account anomalies in your environment by generating compliance reports that detail all account-related differences between a known secure baseline system and a corresponding collection of systems.