LAPS and permission to join computer to domain

Some you may have noticed that some users may be able to read local admin passwords on some computers without being delegated permission to do so by LAPS administrators. If you’re asking how is it possible, read further.   Creation of computer account Let’s first explain, how ACL on new AD object is created:  Domain…

4

LAPS updated to 6.0.1

Hello, We released update to LAPS last week. Changes in new version: Fixed bug that caused computer account not to be found by LAPS UP and LAPS Powershell in forest containing multiple domain trees, and computer account was in different domain tree than tree of forest root domain Added –SchemaNotUpdated switch parameter to cmdlet Find-AdmPwdExtendedPermissions…

14