Posted by Kurt Buff on Jul 15
This seems more like an argument to not use DA accounts for NAC,
rather than a sure-fire method to undermine NAC.
I’ve not used NAC, but I’d have to guess that the machine wanting
access to the network has to announce itself by name, at least.
If that’s the case, how hard would it be to use the local
administrator account of the machine requesting admission? Assuming
that MSFT LAPS (or some similar system, such as the one from…