Link to home
Start Free TrialLog in
Avatar of hypercube
hypercubeFlag for United States of America

asked on

Deploying LAPS

Links and hints for deploying LAPS would be helpful.
Which procedure available on the web is the one you  prefer?
Or, perhaps you just use Microsoft instructions as you set it up?

I found this: ... and -part-2.html
Is it reasonable?  There are clearly a number of things that are needed that could be intrusive.

Particular "hints and kinks" that you suggest?
Avatar of Philip Elder
Philip Elder
Flag of Canada image

We've worked with it and it is excellent. It gives us control over the systems and an avenue for users to make a change if it is necessary.

It's great at removing access for tinkerers.

Both parts are excellent write ups. Go for it!
LAPS "just works".  You won't look back, got for it!

Avatar of hypercube


And, to access the passwords, an authorized user just does what?  I need to be able to instruct the users.
I don't need much here, just a quick comment so I can understand what I'll be telling them.
Types in the computer name and reads the password:

User generated image
Steve Knight:  Thanks.  Well, I'd seen that and assumed as much except:
This interface is running on a computer that the IT Tech is logged onto?  Or, is the app run "as administrator" on any computer?  or.....?

Suppose that the IT Tech is logged on via RDP as a Standard User and needs the local Admin password for some reason.
Then what do I tell them to do?  Back on out, open the app and then write down the password?  ugh..
I presume that Copy and Paste are the best way to go?

I know it would be a lot easier if I had an installation of LAPS to play with but, right now, I don't.
Sorry for asking such basic questions!
Avatar of McKnife
Flag of Germany image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
I need to be a bit more specific.
LAPS *will be* in use. Perhaps that doesn't matter.

Given that, there remains a need to support machine configurations while logged in as THE standard user, if you will....
This because of User profile-specific things needing to be configured.
And, in that context, there are times when at least "run as administrator" is necessary.
Thus, the need for:
- that which I asked about initially

It appears that one could use the McKnife approach in order to:
1) log in as the standard user with RDP
2) establish the admin as described and use it to "run as administrator"
Would that work?

The one concern I have is that the technicians are Windows configuration techs and not any good at scripts unless the scripts are canned and can simply be executed.  I guess some judicious editing could create an interactive command line / PS interface.

If you want to give support within the user session, and do that comfortably, read

However, be aware that inserting passwords within the user session is never a good idea as it is insecure. The account that you utilise should be activated only for the time of support.

Fred, your feedback is required.

Great comments and insights.  Thanks!