因為之前有發生過被駭客用1組帳密入侵大半伺服器
那時候有做後續的緊急處理,好像是把所有server都做一組自己的admin帳密
並取消所有共同登入的帳密,只是有點忘記那時候是怎麼做的了?
需求是該帳密只能登入特定主機而已,並擁有本機administrator
這部份應該做本機還是做網域帳號比較適合呢?
不過要是流出的是Domain admin是不是就沒救?
已邀請的邦友 {{ invite_list.length }}/5
For local admin password, can look into Windows LAPS (Local Administrator Password Solution)
https://learn.microsoft.com/en-us/windows-server/identity/laps/laps-overview
As for Domain Admin, you are supposed to setup detection capability to identify abnormal login. You can also look into below 2 articles to properly secure the account
iThome鐵人賽
看影片追技術