Configure Local Administrator Password Solution (LAPS)

Published: 16 April 2019
on channel: microsoft lab
33,198
106

Donate Us : paypal.me/MicrosoftLab

Configure Local Administrator Password Solution (LAPS)

1. Prepare

DC1 : Domain Controller(Yi.vn) | WIN101 : Client (belong Clients OU)

Software : Local Administrator Password Solution (LAPS) (LAPS.x64.msi)

Purpose : Management of local account passwords of domain joined computers

2. Step by step : Configure Local Administrator Password Solution (LAPS) on DC1

DC1, WIN101 : Install Configure Local Administrator Password Solution .Double-click LAPS.x64.msi - Custom Setup : Select all to install - Install - Finish

DC1 : Configure Local Administrator Password Solution

Start - Windows PowerShell, type :

Import-module AdmPwd.PS # Import the PowerShell module

Update-AdmPwdADSchema # Update the Schema

Set-AdmPwdComputerSelfPermission -OrgUnit Clients # Delegate permissions for Clients OU

Set-AdmPwdReadPasswordPermission -OrgUnit Clients -AllowedPrincipals Administrators # Grant permission for Adminstrators group

Configure Group Policy

Server Manager - Tools - Group Policy Management - Yi.vn :

Right-Click Clients OU - Create a GPO... - Name : PwdManagement - Right-Click PwdManagement - Edit... - Computer Configuration - Policies - Administrative Tempaltes - LAPS :

Enabling the local administrator password management : Enable

Password Settings : Password Age (Days) : 90 (or you want)

Name of administrator account to manage : Enable, Administrator account name : Admin (or your organization)

Start - cmd, type : gpupdate /force

WIN101 : Update policy. Start - cmd, type : gpupdate /force

DC1 : Check client

Active Directory Users and Computers - View tab - Advanved Features - Clients OU - Right-Click WIN101 - Properties - Attribute Editor tab - Check 'ms-Mcs-AdmPwd' and 'ms-Mcs-AdmPwdExpirationTime'

Start - LAPS UI - ComputerName : WIN101 - Search - Check Password and 'Password expires' - Set

RRight-Click WIN101 - Properties - Attribute Editor tab - Check 'ms-Mcs-AdmPwd' and 'ms-Mcs-AdmPwdExpirationTime'

WIN101 : Logon using Admin account local with password from LAPS === OK


-----------------------------------------------------------------------********************    / microsoftlab   ********************---------------------------------------------------------


Watch video Configure Local Administrator Password Solution (LAPS) online without registration, duration hours minute second in high quality. This video was added by user microsoft lab 16 April 2019, don't forget to share it with your friends and acquaintances, it has been viewed on our site 33,198 once and liked it 106 people.