Easy way to enable intune laps local administrator password solution endpoint manager proactive remediation feature now use the powershell script leanlaps ps1 that you have download using the raw link in the above section.

Configuring group policy in part 2 of this series how to set up microsoft laps local administrator password solution in active directory we installed the management tools if you rsquo re using a management station you rsquo ll want to run one of the laps installers either x86 or x64 and make sure that the gpo editor templates are selected as part of the install.

One of the challenges faced by workstation administrators is to manage the local administrator account in large environment one of the options was to use group policy preferences but that was before kb2962486 removed the possibility to set password using group policy preferences since then microsoft as come up with a solution local administrator hellip.

As a windows administrator you need to be familiar with the basics of using powershell txt filepath c ps tune.

Microsoft intune doesn rsquo t enable you to granularly select where your scripts should apply but using intune with policypak is different but using intune with policypak is different if we want to accurately deploy our script policy by vpn triggering we could choose only members of a select user group that use windows 10 portable machines.

This is a very easy step which i have explained in another blog post it can be found here when you have created a collection with the compliant computers you can move on with the next steps for the purposes of this post i will call my collection windows 10 ndash bitlocker ready create a task sequence to set encryption level and enable bitlocker.

Laps requires on premises active directory infrastructure to function and thus may not even be feasible for pure azure ad and intune managed environments there is one addition specific to azure the device administrator role this role which is manageable via azure pim is designed to allow member users the privilege of being a local.

If you don rsquo t have an mfa gateway enable network level authentication nla practice the principle of least privilege and maintain credential hygiene avoid the use of domain wide admin level service accounts enforce strong randomized just in time local administrator passwords use tools like laps monitor for brute force attempts.

Virtual desktop infrastructure vdi is very complex many companies set out to build a windows based vdi or daas desktop as a service in the cloud offering for their users but poor planning and execution can lead to hitting brick walls which ultimately lead to projects stalling out or outright failure as in scrap it completely and do something else after much time hellip.

See local area network lanman acronym for lan manager a discontinued network operating system nos based on the os 2 operating system see lan manager laps acronym for local administrator password solution see local administrator password solution laps now available latam acronym for latin america region lbfo.