Configuring Windows LAPS in Intune is pretty easy, and it is a good choice if you want unique passwords for local (admin) accounts on your devices.
We start by creating a local account with the help of PowerShell. We then use Intune to ensure that this account is a local administrator, and finish by configuring LAPS so that the password for the created account is unique per device and rotates every 7 days. The password is 24 characters long and has complexity requirements. The password is securely stored in Entra ID.
PowerShell scripts mentioned in the video:
##CheckForJBNAdminAccountDetection.ps1
#Detection script if JBNAdmin local account exists
if ((Get-LocalUser).Name -contains "JBNAdmin")
{
    # Exit code 0: account found, no remediation needed
    Write-Host "All is good, account is there"
    exit 0
}
else
{
    # Exit code 1: account missing, the remediation script should run
    Write-Host "account is missing"
    exit 1
}

##CheckForJBNAdminAccountRemediation.ps1
#Creating JBNAdmin local user
New-LocalUser -Name JBNAdmin -Description "JBN Local Admin account" -NoPassword
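Because the remediation script creates JBNAdmin with -NoPassword, it is worth confirming on a device that LAPS has actually taken over the account. The following check is an added example, not one of the scripts from the video; it uses the account name and the 7-day rotation from this description, and the one-day grace period is an assumption.

```powershell
# Added example (not from the video): run locally on an enrolled device.
$AccountName = 'JBNAdmin'   # account name used on this page
$MaxAgeDays  = 7            # rotation interval stated on this page
$GraceDays   = 1            # assumption: slack for the next policy refresh
$problems    = @()

$user = Get-LocalUser -Name $AccountName -ErrorAction SilentlyContinue
if (-not $user) {
    Write-Host "$AccountName is missing"
    exit 1
}

if (-not $user.Enabled) {
    $problems += 'account is disabled'
}

# Look up the built-in Administrators group by its well-known SID so the
# check also works on Windows installs where the group name is localized.
try {
    $admins = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop
    if ($admins.SID.Value -notcontains $user.SID.Value) {
        $problems += 'account is not a member of Administrators'
    }
}
catch {
    $problems += "could not enumerate Administrators: $($_.Exception.Message)"
}

# The remediation script creates the account with -NoPassword, so a missing
# or stale PasswordLastSet means LAPS has not rotated the password yet.
if (-not $user.PasswordLastSet) {
    $problems += 'no password has been set on the account'
}
else {
    $ageDays = ((Get-Date) - $user.PasswordLastSet).TotalDays
    if ($ageDays -gt ($MaxAgeDays + $GraceDays)) {
        $problems += ('password is {0:N1} days old' -f $ageDays)
    }
}

if ($problems.Count -gt 0) {
    Write-Host "${AccountName}: $($problems -join '; ')"
    exit 1
}
Write-Host "$AccountName exists, is an administrator and has a fresh password"
exit 0
```

The exit codes follow the same 0/1 convention as the detection script, so the check can also be deployed as a second detection-only remediation in Intune.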
Chapters
00:00:00 Introduction
00:04:43 Create a local account with Remediation Scripts
00:18:10 Add local accounts to the local administrator group with Intune
00:20:30 Configure Windows LAPS in Intune
00:25:54 Verify the settings work
00:32:43 Outro