LAPS Admin Permissions

create share 656 Reputation points
2021-03-01T10:57:38.777+00:00

Hi,

We are implementing LAPS in our environment. What permissions are required for IT Staff to install LAPS UI on their systems to get the passwords of users' pcs local admins?

Windows
Windows
A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.
5,074 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,214 questions
Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,778 questions
{count} votes

Accepted answer
  1. Fan Fan 15,321 Reputation points Microsoft Vendor
    2021-03-02T00:35:15.133+00:00

    Hi,
    Welcome to share here!
    The requirements to install the LAPS on the clients, you can refer to the following link :
    https://blog.thesysadmins.co.uk/deploying-microsoft-laps-part-1.html
    The permission to Read password also need to be assigned to the specific users.
    To Delegate a Security group the rights to view and reset LAPS, you can also refer to the link provided above.

    Best Regards,


1 additional answer

Sort by: Most helpful
  1. Mark Heitbrink 96 Reputation points
    2021-03-11T10:34:32.233+00:00

    You can not delegate an MSI installation. But you can simply copy the files from an existing installation to any location you want. The LAPS UI does not register anything. It only needs the AdmPwd.UI.exe and AdmPwd.UI.DLL in a location

    You can copy it to a share and deploy a link to it.

    0 comments No comments