Hope this post finds you in good health and spirit.
This post is regarding high level plan of Local Administrator Password Solution (LAPS) configuration in domain Network.
Microsoft’s LAPS is a useful tool for automatically managing Windows computer local Administrator passwords. LAPS stores the password for each computer’s local administrator account in Active Directory, secured in a confidential attribute in the computer’s corresponding Active Directory object.LAPS helps to reduce the workload and help local administrator or desktop team to manage local administrator password in active directory for a number of machines.
The solution is built on Active Directory infrastructure. LAPS uses a Group Policy client-side extension (CSE) that you install on managed computers to perform all management tasks.
The following steps need to be performed to configure LAPS
- Install Microsoft LAPS on domain joined server
- AD preparation – Schema extension
- Change Computer object permissions
- Assign permissions to the group for password access
- Installation of GP CSE via MSI installation on clients to be managed
- Group policy configuration
Its not necessary to install the LAPS on domain controller only, As per best MS practice We should install LAPS on one of member servers and make it as the management computer instead of Domain Controller, and install AD DS management tool on this management computer and only need the domain administrator credential to manage the LAPS from this server.
So, that’s all in this blog. I will meet you soon with next stuff .Have a nice day !!!
Guys please don’t forget to like and share the post. You can also share the feedback on below windows techno email id.