To comply with security auditing purpose, we are looking for one way to bulk-change the local admin password for all the domain client machines (all are running windows 10, over 500+). I learned that MS has removed the direct-password-change from GPO and introduced LAPS. I'm in the middle of self studying on their LAPS_OperationsGuide but have some questions on the way. Hopefully they can be answered:
We have 3 DCs, do I need to install the GPO CSE and management tools on everything DC?
Do I import the .ps1 script onto each DC and also modify the Schema on them?
After LAPS is available on GPO options, once we enable it, will it change password automatically on a regular basis? The admin password on each client machine will be different?
Thanks. I'm now setting up a test env to see how far we can go and will also update on this thread.
Any help is appreciated.