LAPS implementation on built-in administrator account

Question

How to implement LAPS in the following conditions:

Thousands of client computers with custom local admins created (different names), So through GPO we can remove the administrators group membership & Configure the LAPS on
Builtin 'Administrator' account but, by default, it is disabled in Windows 10 computers & Unable to enable as it requires Password & we can't apply a password through GPO.
Also, we can't create an admin user through GPO.

Manually it's not possible for thousand of computers.

any help in these conditions?

Answer

Hello

Thank you for your question and reaching out.

In your scenario you can create Custom Local Admin for all your Clients PC using LAPS GPO.

In LAPS GPO settings -> “Name of administrator account to manage” Type name like "LAPSAdmin"
Open GPO --> Computer Configuration –> Preferences –> Control Panel Settings –> Local Users and Groups;

-----------------------------------------------------------------------------------------------------------------------------------

--If the reply is helpful, please Upvote and Accept as answer--

Answer

unable to create through LAPS
It's not possible as it needs to set a password because of the domain password policies

Kindly explain.

Answer

Just use Group policy preferences and remove all the false admin accounts than apply LAPS to all workstations through GPO. and install LAPS MSI to all clients with a deployment through GPO

LAPS implementation on built-in administrator account

3 answers