Dear experts,
To comply with security auditing purpose, we are looking for one way to bulk-change the local admin password for all the domain client machines (all are running windows 10, over 500+). I learned that MS has removed the direct-password-change from GPO and introduced LAPS. I'm in the middle of self studying on their LAPS_OperationsGuide but have some questions on the way. Hopefully they can be answered:
- We have 3 DCs, do I need to install the GPO CSE and management tools on everything DC?
- Do I import the .ps1 script onto each DC and also modify the Schema on them?
- After LAPS is available on GPO options, once we enable it, will it change password automatically on a regular basis? The admin password on each client machine will be different?
Thanks. I'm now setting up a test env to see how far we can go and will also update on this thread.
Any help is appreciated.