Only additional setting to configure will be Password Age Days when Azure AD selected as the directory service for backing up the local administrator password. Snippet from Policy Creation, Backup Directory Setting - Active Directory only Some of these will include Active Directory specific settings such as “AD Encrypted Password History Size”, “AD Password Encryption Principal” and “AD Password Encryption Enabled” if backup to Active Directory is selected. There will be additional settings depending on the backup directory selected. Snippet from Policy Creation, Backup Directory Options You can also use “Disabled” option to remove existing configuration. It is possible to use Windows Server Active Directory or Azure Active Directory as a means to store local admin passwords. Snippet from Policy Creation, Configuration Settings Viewįirst setting in creating Windows LAPS policy is defining the directory service that will be used to backup the local admin password on the endpoints. Let’s take a deeper look at these options and prepare our Windows LAPS policy. As you see there are several options regarding Administrator account, password options as well as the directory to backup the local administrator password. Snippet from Policy Creation - Naming Account Protection Policy Snippet from Endpoint Security, Account Protection Node, Policy Creation ViewĪs always, first step is naming policy as well as giving a description. Selecting Local admin password solution (Windows LAPS) from profile list will start policy creation wizard. As you notice, there are different account protection policy options such as Local User Group Membership or Account Protection as well as Local Admin Password Solution (Windows LAPS). Snippet from Endpoint Security, Account Protection Viewįirst option will be selecting platform for the policy, and the second option will be policy type itself. Clicking on “Create Policy” button will present policy creation wizard. Local Admin Password Solution policies can be configured from Endpoint Security Node, Account Protection view. Snippet from Azure Active Directory Devices Node, Device Settings ViewĪfter enabling feature on the tenant level, we can proceed with policy creation. Option to enable Azure AD Local Administrator Password Solution (LAPS) will be available for configuration.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |