Tuesday, May 6, 2025
Latest:
NETWORK ADMINISTRATIONSWindows server

Securing the Local Administrator Account (LAPS Password Manger) [Windows Server 2019]

Alice AUSTIN

I (tobor), demonstrate how to secure the local Administrator account in a domain environment using LAPS password manager.

LAPS Backup Script
https://github.com/OsbornePro/BackupScripts/blob/main/BackupLAPS.ps1

LAPS Installer
https://www.microsoft.com/en-us/download/confirmation.aspx?id=46899

LAPS Get Started with Setup Script from Video
https://github.com/OsbornePro/ConfigTemplates/blob/main/LAPS-Setup.ps1

If you use SCCM you can use the below commands to push out LAPS
# Deploy LAPS to x64 device
msiexec /q /i \servershareLAPS.x64.msi
# Deploy LAPS to x86 device
msiexec /q /i \servershareLAPS.x86.msi
# Create a custom admin account during its set up to manage
msiexec /q /i \servershareLAPS.x86.msi CUSTOMADMINNAME=ITLocalAdmin

0:00 Intro Summary
0:34 Download LAPS
1:05 Intro to LAPS-Setup.ps1 Script used for setting up LAPS
1:45 Install LAPS on a Primary Domain Controller
2:01 Create the LAPS Network Share
3:40 See if the LAPS ADMX group policy file exists
4:11 Install LAPS on your Primary Domain Controller
5:20 Updating the AD Schema for LAPS
6:18 See which AD OU’s can read the LAPS attribute “ms-Mcs-AdmPwd”
7:45 Remove or add Extended Rights Permissions in ADSI for LAPS
8:52 LAPS Backup Script (Optional)
10:30 Summarize Importance of LAPS Backups
10:47 Create LAPS Security Group in AD
11:00 Edit LAPS Group Policy Settings

15:03 Edit Security Options Group Policy Settings

18:18 Group Policy to Install LAPS on client devices
20:01 Applying the GPO to OU
20:42 Thanks for watching!

View my Verified Certifications!
https://www.youracclaim.com/users/roberthosborne/badges

Follow us on GitHub!
https://github.com/tobor88
https://github.com/OsbornePro

Read our blogs!
https://roberthosborne.com/

Give Respect on HackTheBox!
https://www.hackthebox.eu/profile/52286

Like us on Facebook!
https://www.facebook.com/osborneprollc

View PS Gallery Modules!
https://www.powershellgallery.com/profiles/tobor

The B.T.P.S. Security Package
https://www.btps-secpack.com/

source

windows server

Alice AUSTIN

Alice AUSTIN is studying Cisco Systems Engineering. He has passion with both hardware and software and writes articles and reviews for many IT websites.

You May Also Like

How to Configure and test Control-M Server SMTP parameters

México vs Honduras EN VIVO | CONCACAF Nations League 2023 | CUARTOS DE FINAL | NARRACION EN VIVO

Utilizar PHPmailer con Xampp para el envío de Correo

Leave a Reply

Your email address will not be published. Required fields are marked *