Thursday, May 29, 2025
Latest:
NETWORK ADMINISTRATIONSWindows server

Securing the Local Administrator Account (LAPS Password Manger) [Windows Server 2019]

Alice AUSTIN

I (tobor), demonstrate how to secure the local Administrator account in a domain environment using LAPS password manager.

LAPS Backup Script
https://github.com/OsbornePro/BackupScripts/blob/main/BackupLAPS.ps1

LAPS Installer
https://www.microsoft.com/en-us/download/confirmation.aspx?id=46899

LAPS Get Started with Setup Script from Video
https://github.com/OsbornePro/ConfigTemplates/blob/main/LAPS-Setup.ps1

If you use SCCM you can use the below commands to push out LAPS
# Deploy LAPS to x64 device
msiexec /q /i \servershareLAPS.x64.msi
# Deploy LAPS to x86 device
msiexec /q /i \servershareLAPS.x86.msi
# Create a custom admin account during its set up to manage
msiexec /q /i \servershareLAPS.x86.msi CUSTOMADMINNAME=ITLocalAdmin

0:00 Intro Summary
0:34 Download LAPS
1:05 Intro to LAPS-Setup.ps1 Script used for setting up LAPS
1:45 Install LAPS on a Primary Domain Controller
2:01 Create the LAPS Network Share
3:40 See if the LAPS ADMX group policy file exists
4:11 Install LAPS on your Primary Domain Controller
5:20 Updating the AD Schema for LAPS
6:18 See which AD OU’s can read the LAPS attribute “ms-Mcs-AdmPwd”
7:45 Remove or add Extended Rights Permissions in ADSI for LAPS
8:52 LAPS Backup Script (Optional)
10:30 Summarize Importance of LAPS Backups
10:47 Create LAPS Security Group in AD
11:00 Edit LAPS Group Policy Settings

15:03 Edit Security Options Group Policy Settings

18:18 Group Policy to Install LAPS on client devices
20:01 Applying the GPO to OU
20:42 Thanks for watching!

View my Verified Certifications!
https://www.youracclaim.com/users/roberthosborne/badges

Follow us on GitHub!
https://github.com/tobor88
https://github.com/OsbornePro

Read our blogs!
https://roberthosborne.com/

Give Respect on HackTheBox!
https://www.hackthebox.eu/profile/52286

Like us on Facebook!
https://www.facebook.com/osborneprollc

View PS Gallery Modules!
https://www.powershellgallery.com/profiles/tobor

The B.T.P.S. Security Package
https://www.btps-secpack.com/

source

windows server

Alice AUSTIN

Alice AUSTIN is studying Cisco Systems Engineering. He has passion with both hardware and software and writes articles and reviews for many IT websites.

You May Also Like

66. How to Setup Work Folders on Windows Server 2019

Alice AUSTIN

آموزش لینوکس LPIC2 202 قسمت 8 Chroot کردن BIND

Inter-VLAN Routing using a Layer 3 Switch and SVI's

Leave a Reply

Your email address will not be published. Required fields are marked *