Local Administrator Password Solution
If a single password is configured for the local admin accounts across all domain-joined computers, there is a high risk that it can be used in a widespread attack to install malware, elevate privileges, or gain access to sensitive files. To resolve this issue, Microsoft offers the Local Administrator Password Solution (LAPS). This works by setting a different random password on every computer in the domain and storing that password in AD, or Azure AD if it is used. Administrators can choose who can access those passwords in order to support the PCs.
The solution is built into AD and doesn’t require any other supporting technologies or licenses. LAPS uses the Group Policy client-side extension (CSE) or CSP that you install on managed computers to perform all management tasks. The solution’s management tools provide easy configuration and administration.
Once configured, you can create Group Policy settings to enable local administrator...