Microsoft LAPS Step by Step - Part 1

Tue, 02 Apr 2019 00:00:00 +0000

This is an updated version of a post I made on the Now Micro blog last year. The original version of this post can be read Here.

Why is Local Administrator Password Management Needed?

The question of how to deal with users having administrative rights on computers or other network resources is one that has many different answers and has evolved over time. While the scenarios around network and domain administrative access may be more complex, the local administrative rights scenario should be very similar for almost everyone.

Microsoft LAPS Step by Step - Part 2

Tue, 02 Apr 2019 00:00:00 +0000

This post is the second part of a two-part series on configuring and deploying the Microsoft Local Administrator Password Solution (LAPS). The First Post covered the steps needed to configure Active Directory to support LAPS. This post will cover the steps needed to enable the LAPS functionally on devices.

In order for the local administrator password to be randomized on devices, two conditions need to be met.

1. The client needs to have a group policy object linked that enables LAPS
2. The client needs to have the LAPS group policy client-side extensions installed so it knows what LAPS is

Configure Group Policy to Deploy LAPS Settings

Group Policy is used to configure LAPS settings and to enable the LAPS functionally on targeted devices. The LAPS settings can be added to an existing group policy object, however in this example, a new group policy object will be created to deploy the settings.

Microsoft-Laps on Jon's Notes

Microsoft LAPS Step by Step - Part 1

Microsoft LAPS Step by Step - Part 2

Configure Group Policy to Deploy LAPS Settings