Hey everyone! I'm looking to deploy LAPS on my Windows Servers, but I'm interested in setting up a custom admin account to be managed through it. What do you think is the most reliable approach? I'm thinking about using remote PowerShell sessions to connect to all servers via a CSV file. Is there a better way to handle this?
4 Answers
A scheduled task could be a good way to automate this too. You could set it to run weekly on a management server, ensuring that all new servers have the custom admin account set up. Group Policy could work here as well, depending on your environment.
I was thinking about using a solution like Ansible for managing accounts across Windows servers. It can help set up those accounts consistently and even fix configurations if the servers aren’t matching the desired setup. If you're looking for something PowerShell-centric, check out PowerShell Universal—it might be worth the investment.
You could definitely use Group Policy Preferences to create the custom admin account and add it to the admin group. It’s a straightforward method that works well!
When you say custom admin, are you referring to a non-built-in admin account? It's usually better for security to avoid using the built-in admin account. I'd suggest creating a separate account specifically for LAPS and managing that instead!
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures