Educause Security Discussion mailing list archives

Re: Microsoft LAPS


From: "Reyor, William F." <wreyor () FAIRFIELD EDU>
Date: Tue, 1 Aug 2017 16:08:13 +0000

Hi Francisco,

Did you follow any one implementation guide to deployment? Just curious what you used as a resource to guide 
implementation.

Thanks,
Bill

On Aug 1, 2017, at 11:53 AM, Francisco Chavez <fac3 () STMARYS-CA EDU> wrote:

John Rogers,

The way we do it..

We created a Security Group called “Desktop Admins” for example and then by using GPO we add this group to the PC and 
when an AD user is a member of this group he/she has local admin rights on the machine. By default PCs joined to the 
domain allow domain admins as administrators on the PC but you really don’t want to hand out domain admin rights to 
just anyone. : )

Hope this helps...


Regards,
- Francisco Chavez

-----------------------------------------------------------------------------------
Francisco Chavez
Engineer, Network and Systems | Saint Mary's College of California
925-631-8236 | fac3 () stmarys-ca edu


On Aug 1, 2017, at 8:18 AM, Rogers, John <john.rogers () OKSTATE EDU> wrote:

Is anyone using Microsoft LAPS for computer admin password management? If so, does it work well? Any gotchas when 
implementing or using it? Any limitations we should know about?

Thanks,

John Rogers
IT Security Engineer
Information Technology Department
Oklahoma State University
John.Rogers () okstate edu
405-744-2752

