Windows LAPS + Intune enablement
ฝัง
- เผยแพร่เมื่อ 22 ก.ค. 2024
- Blog post: oceanleaf.ch/windows-laps-guide/
@NiklasTinner: / niklastinner
Comprehensive community session on MEM series: • Windows LAPS: Design &...
Chapters
00:00 Intro
00:51 Key features
01:49 Key considerations
02:46 Architecture
03:24 Implementation steps
03:46 Enable LAPS in tenant
04:24 Endpoint Security Account Protection Policy
06:08 Create LAPS account with Remediation
07:31 Reporting in Intune
07:56 Retrieve password
08:39 Demo on device
by oceanleaf.ch/ - วิทยาศาสตร์และเทคโนโลยี
Awesome video, great explanation and breakdown of LAPS.
What a great and detailed explanation of LAPS implementation. I've got some questions, though.
1. Should the detection script also check if the user is in the admin group? If there is a chance the user with such a name exists but is not in the admin group the script will probably fail to execute.
2. Do we need to configure any parameters when creating a user such as "User must change password at next logon" and/or "Password never expires"
Thanks
1. Yes, good idea to extend the script. But in reality I never faced issues with it ;)
2. No, that is not needed.
Hi Nicklas. Do you have any suggestions for those who aren't licensed for Remediation scripts? Also, have you run through the migration from legacy to modern scenario yet?
You could use a configuration profile, e.g. here: cloudinfra.net/how-to-create-a-local-admin-account-using-intune/ but that is sometimes a little unreliable.
If you are interested in the migration scenario, consider my blog post oceanleaf.ch/windows-laps-guide/ or watch my comprehensive video guide here: th-cam.com/video/LzGiLCVIew8/w-d-xo.html&ab
@@oceanleafnt excellent thanks!