I've got LAPS set up and everything is running smoothly. I'm working with an intern who needs to install some software on various machines, which means they'll need access to the local admin password in Entra. I'm trying to figure out the minimum role they should have to retrieve the password. I previously tried giving them Helpdesk admin and security reader roles, but that didn't work. Any suggestions?
2 Answers
One option is to create a secondary account for your intern and add them to a group that has local admin rights on all the machines they'll be working on. Once they're done with the project, you can just remove the access. It’s a quick and efficient solution that’s specific to their task.
You might want to consider using Endpoint Privilege Managers. These tools can handle local admin rights pretty well. If your intern needs to run certain apps regularly, you can set up a privilege elevation policy. They can gain temporary admin rights for installs, and those rights will automatically revert back after a set time. It scales much better than manually managing admin access.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures