How to install and setup LAPS ( Local Administrator Password Solution )

Download

Click here to Download the software

Install

Install 32bit or 64bit depending on server , install ALL the Management Tools

Open Powershell as Administrator and with Domain Admin Writes and run

Import-module AdmPwd.PS  

Then

Update-AdmPwdADSchema 

Make sure the above says Sucess

In the same Powershell Window you need to declare the OU’s where the computers will live

Set-AdmPwdComputerSelfPermission -OrgUnit <name of the OU to delegate permissions>

Now you want to see who have access to look at the password in the OU

Find-AdmPwdExtendedrights -identity “OU NAME”

Add or remove permissions via : 

Set-AdmPwdReadPasswordPermission -OrgUnit <name of the OU to delegate permissions> -AllowedPrincipals <users or groups>

Group Policy

On the PC you installed the LAPS tool to ,  copy the following files : 

C:\Windows\PolicyDefinitions\AdmPwd.admx to ( ON a domain controller ) C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions\

C:\Windows\PolicyDefinitions\en-US\AdmPwd.adml to ( ON a domain controller ) C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions\en-US\AdmPwd.adml 

Now create a Group Policy and Apply to the computers you would like to have self managed local Administrator Password

 

Administering

How to find password using Gui

On the PC installed with LAPS , run  : C:\Program Files\LAPS\AdmPwd.UI.exe and enter the computer name to find the password

Use Powershell : 

Get-AdmPwdPassword -Computername "%COMPUTERNAME%"

To reset password Immediately :

 Reset-AdmPwdPassword -ComputerName <computername>

 

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

Powered by WordPress | Made with ❤ by Themely