LAPS questions about setting it up

Eaven HUANG 2,181 Reputation points
2021-10-14T03:21:27.787+00:00

Dear experts,

To comply with security auditing purpose, we are looking for one way to bulk-change the local admin password for all the domain client machines (all are running windows 10, over 500+). I learned that MS has removed the direct-password-change from GPO and introduced LAPS. I'm in the middle of self studying on their LAPS_OperationsGuide but have some questions on the way. Hopefully they can be answered:

  1. We have 3 DCs, do I need to install the GPO CSE and management tools on everything DC?
  2. Do I import the .ps1 script onto each DC and also modify the Schema on them?
  3. After LAPS is available on GPO options, once we enable it, will it change password automatically on a regular basis? The admin password on each client machine will be different?

Thanks. I'm now setting up a test env to see how far we can go and will also update on this thread.
Any help is appreciated.

Windows
Windows
A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.
5,719 questions
0 comments No comments
{count} votes

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.