Avatar of hypercube
hypercube
Flag for United States of America asked on

Deploying LAPS

Links and hints for deploying LAPS would be helpful.
Which procedure available on the web is the one you  prefer?
Or, perhaps you just use Microsoft instructions as you set it up?

I found this:
https://blog.thesysadmins.co.uk/deploying-microsoft-laps-part-1.html ... and -part-2.html
Is it reasonable?  There are clearly a number of things that are needed that could be intrusive.

Particular "hints and kinks" that you suggest?
Warnings?
Network ManagementActive DirectoryMicrosoft Legacy OSWindows OSWindows Server 2003

Avatar of undefined
Last Comment
hypercube

8/22/2022 - Mon
Philip Elder

We've worked with it and it is excellent. It gives us control over the systems and an avenue for users to make a change if it is necessary.

It's great at removing access for tinkerers.

Both parts are excellent write ups. Go for it!
Steve Knight

LAPS "just works".  You won't look back, got for it!

Steve
hypercube

ASKER
And, to access the passwords, an authorized user just does what?  I need to be able to instruct the users.
I don't need much here, just a quick comment so I can understand what I'll be telling them.
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
Steve Knight

Types in the computer name and reads the password:

LAPS-UI.png
hypercube

ASKER
Steve Knight:  Thanks.  Well, I'd seen that and assumed as much except:
This interface is running on a computer that the IT Tech is logged onto?  Or, is the app run "as administrator" on any computer?  or.....?

Suppose that the IT Tech is logged on via RDP as a Standard User and needs the local Admin password for some reason.
Then what do I tell them to do?  Back on out, open the app and then write down the password?  ugh..
I presume that Copy and Paste are the best way to go?

I know it would be a lot easier if I had an installation of LAPS to play with but, right now, I don't.
Sorry for asking such basic questions!
ASKER CERTIFIED SOLUTION
McKnife

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
hypercube

ASKER
I need to be a bit more specific.
LAPS *will be* in use. Perhaps that doesn't matter.

Given that, there remains a need to support machine configurations while logged in as THE standard user, if you will....
This because of User profile-specific things needing to be configured.
And, in that context, there are times when at least "run as administrator" is necessary.
Thus, the need for:
- that which I asked about initially

It appears that one could use the McKnife approach in order to:
1) log in as the standard user with RDP
2) establish the admin as described and use it to "run as administrator"
Would that work?

The one concern I have is that the technicians are Windows configuration techs and not any good at scripts unless the scripts are canned and can simply be executed.  I guess some judicious editing could create an interactive command line / PS interface.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
McKnife

If you want to give support within the user session, and do that comfortably, read  https://www.experts-exchange.com/articles/33768/Using-RDP-shadowing-for-convenient-user-support-and-remote-control.html

However, be aware that inserting passwords within the user session is never a good idea as it is insecure. The account that you utilise should be activated only for the time of support.

McKnife

Fred, your feedback is required.

hypercube

ASKER
Great comments and insights.  Thanks!
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23