NETWORK ADMINISTRATIONSWindows server

Securing the Local Administrator Account (LAPS Password Manger) [Windows Server 2019]

I (tobor), demonstrate how to secure the local Administrator account in a domain environment using LAPS password manager.

LAPS Backup Script
https://github.com/OsbornePro/BackupScripts/blob/main/BackupLAPS.ps1

LAPS Installer
https://www.microsoft.com/en-us/download/confirmation.aspx?id=46899

LAPS Get Started with Setup Script from Video
https://github.com/OsbornePro/ConfigTemplates/blob/main/LAPS-Setup.ps1

If you use SCCM you can use the below commands to push out LAPS
# Deploy LAPS to x64 device
msiexec /q /i \servershareLAPS.x64.msi
# Deploy LAPS to x86 device
msiexec /q /i \servershareLAPS.x86.msi
# Create a custom admin account during its set up to manage
msiexec /q /i \servershareLAPS.x86.msi CUSTOMADMINNAME=ITLocalAdmin

0:00 Intro Summary
0:34 Download LAPS
1:05 Intro to LAPS-Setup.ps1 Script used for setting up LAPS
1:45 Install LAPS on a Primary Domain Controller
2:01 Create the LAPS Network Share
3:40 See if the LAPS ADMX group policy file exists
4:11 Install LAPS on your Primary Domain Controller
5:20 Updating the AD Schema for LAPS
6:18 See which AD OU’s can read the LAPS attribute “ms-Mcs-AdmPwd”
7:45 Remove or add Extended Rights Permissions in ADSI for LAPS
8:52 LAPS Backup Script (Optional)
10:30 Summarize Importance of LAPS Backups
10:47 Create LAPS Security Group in AD
11:00 Edit LAPS Group Policy Settings

15:03 Edit Security Options Group Policy Settings

18:18 Group Policy to Install LAPS on client devices
20:01 Applying the GPO to OU
20:42 Thanks for watching!

View my Verified Certifications!
https://www.youracclaim.com/users/roberthosborne/badges

Follow us on GitHub!
https://github.com/tobor88
https://github.com/OsbornePro

Read our blogs!
https://roberthosborne.com/

Give Respect on HackTheBox!
https://www.hackthebox.eu/profile/52286

Like us on Facebook!
https://www.facebook.com/osborneprollc

View PS Gallery Modules!
https://www.powershellgallery.com/profiles/tobor

The B.T.P.S. Security Package
https://www.btps-secpack.com/

source

windows server

Alice AUSTIN

Alice AUSTIN is studying Cisco Systems Engineering. He has passion with both hardware and software and writes articles and reviews for many IT websites.

Leave a Reply

Your email address will not be published. Required fields are marked *