I have been working on Windows NT systems since NT 3.51 (close to 18 years). For the entire time I have worked on Windows NT systems we have had a problem managing local administrator accounts. They are a necessary evil as a last-chance account to get back into the operating system, but secure password management has been nearly impossible during the entire life of the operating system. Is there really no solution to this problem in 18 years? No one in Microsoft management can argue there isn't a need.
The most frustrating part about this is that Microsoft created a very nice method in preference mode to deploy passwords. The method is AES 256 encrypted and could be very secure if Microsoft had not also compromised the encryption key used to encrypt the password. Why would you encrypt the password in the first place if you were just going to compromise the encryption key? Why after 18 years can't Microsoft provide a method of secure password changes for the local administrator account?
How about this... Update preference mode to use elliptic curve cryptography and publish the public key only!!!!!!! Wouldn't that fix this problem once and for all? Administrators would just need to limit the policy to computers only and the solution would work for most of us. It would be no less secure than NTLMv2 or passwords stored in Active Directory or the SAM database.
Please tell me I am wrong that there is no Microsoft-supported solution to securely manage local user accounts. Maybe in SCCM, or Windows 8, or some tool I have never discovered. I am pretty sure all I can do is rant and get a bunch of responses about third-party products that might be more secure (until we learn why they are not)...
What do we need to do to get development to fix this? It is so past due that we have a solution to this problem...
If you are reading this and you agree with me, help me start a movement. Mark this post as helpful. Maybe if enough people mark this as helpful we will get some attention for this issue.
Rant complete.
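The preference-mode passwords the post complains about are stored in SYSVOL as a `cpassword` attribute on Group Policy Preferences XML items, so an administrator's first step is to find every GPO that still carries one. The script below is an added example, not part of the original post or any Microsoft tool: `SAMPLE_GROUPS_XML` is a constructed Groups.xml-shaped sample with placeholder GUIDs and a placeholder blob, and `find_cpassword_items` and `scan_directory` are hypothetical helper names. It reports which items hold a stored password without touching the blob itself.

```python
import os
import xml.etree.ElementTree as ET

# Constructed sample shaped like a GPP Groups.xml item; GUIDs and the cpassword
# blob are placeholders, not real values.
SAMPLE_GROUPS_XML = """<?xml version="1.0" encoding="utf-8"?>
<Groups clsid="{00000000-0000-0000-0000-000000000000}">
  <User clsid="{00000000-0000-0000-0000-000000000001}" name="Administrator (built-in)" image="2">
    <Properties action="U" cpassword="PLACEHOLDER-ENCRYPTED-BLOB" changeLogon="0" noChange="1"
                neverExpires="1" acctDisabled="0" subAuthority="RID_ADMIN" userName="Administrator (built-in)"/>
  </User>
  <User clsid="{00000000-0000-0000-0000-000000000001}" name="helpdesk" image="2">
    <Properties action="C" changeLogon="0" noChange="0" acctDisabled="0" userName="helpdesk"/>
  </User>
</Groups>
"""


def find_cpassword_items(xml_text: str) -> list[dict[str, object]]:
    """List every preference item carrying a cpassword attribute (the blob itself is not returned)."""
    findings = []
    for props in ET.fromstring(xml_text).iter("Properties"):
        if props.get("cpassword") is None:
            continue  # this item sets no password through GPP
        findings.append({
            "item": props.get("userName") or props.get("name") or "<unnamed>",
            "action": props.get("action", ""),
            # RID_ADMIN marks the built-in local Administrator account
            "builtin_admin": props.get("subAuthority") == "RID_ADMIN",
        })
    return findings


def scan_directory(root_dir: str) -> dict[str, list[dict[str, object]]]:
    """Walk a SYSVOL Policies tree (or a copy of it) and map each XML file to its cpassword items."""
    report = {}
    for dirpath, _, files in os.walk(root_dir):
        for name in files:
            if not name.lower().endswith(".xml"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8-sig") as fh:
                    hits = find_cpassword_items(fh.read())
            except (OSError, ET.ParseError):
                continue  # unreadable or not well-formed XML; skip it
            if hits:
                report[path] = hits
    return report
```

Point `scan_directory` at a copy of the domain's Policies folder; any file it reports still deploys a password through preferences and should have that item removed and the account's password rotated.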