I'm planning to implement Windows LAPS in our organization and am debating between deploying it via GPO or Intune. I'm leaning towards using Intune, but I wonder if there's any advantage to choosing one method over the other. Additionally, I noticed in the guide on deploying LAPS with Intune that there's a field for "Administrator Account Name." We currently have a GPO that renames the local admin account on all machines, but it's currently disabled. Should I enter that account name in the Intune field or leave it as "Not Configured"? Lastly, are there any other important considerations I should keep in mind before proceeding with the setup?
1 Answer
You really have two main options: either re-enable the local built-in admin account and put its name in that field or create a new local admin account on all machines for LAPS to manage. I chose the second option in my last deployment, and it worked smoothly. Just make sure that the new local admin account is created on all old and new devices. We had some issues with older laptops that missed the command to create the new account, which caused confusion for our tech support.
Thanks for the advice! I think I’ll just go with re-enabling the built-in account. That sounds much easier!
Yep, same issue here with older devices unexpectedly popping up! Definitely a hassle.
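The answer's warning about older laptops that never received the account-creation command can be checked per device; the following is an added example (not code from the thread or from Microsoft) of a detection script for Intune Remediations, where exit code 1 flags the device as having an issue. It also covers the built-in account option by locating that account through its RID of 500, so a rename does not matter. The account name `lapsadmin` is a hypothetical placeholder for whatever is entered in "Administrator Account Name".

```powershell
# Added example: Intune Remediations detection script.
# Exit 0 = compliant, exit 1 = issue detected on this device.
# Hypothetical name; set to '' to check the built-in account (RID 500) instead.
$AccountName = 'lapsadmin'

function Test-LapsTargetAccount {
    param([string]$Name)

    # Locate the account by name, or by the well-known RID 500 when no name
    # is given, which still finds the built-in administrator after a rename.
    if ($Name) {
        $user = Get-LocalUser -Name $Name -ErrorAction SilentlyContinue
    } else {
        $user = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
    }
    if (-not $user)         { return 'Missing: no matching local account' }
    if (-not $user.Enabled) { return "Disabled: $($user.Name)" }

    # Compare by SID so localized or renamed group and account names do not matter.
    # If the group lookup itself fails, $admins is empty and the device is
    # reported as a problem so it gets investigated instead of silently passing.
    $admins = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue
    if ($admins.SID.Value -notcontains $user.SID.Value) {
        return "Not in Administrators: $($user.Name)"
    }
    return $null
}

$problem = Test-LapsTargetAccount -Name $AccountName
if ($problem) {
    Write-Output $problem   # Shown in the Remediations device status output
    exit 1
}
Write-Output 'OK'
exit 0
```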