Local administrator accounts are disabled; alternatively, passphrases that are random and unique for each device’s local administrator account are used.
Topic
Local administrator accounts
Applicable to
all
History
Priority
must
Mar 2022
Removed
The recommendation to disable the use of local administrator accounts has been removed due to a conflict with the Essential Eight Maturity Model. Furthermore, the recommendation allowing any privileged account to bypass application control has been paired back to local administrator accounts and break glass accounts.