I am trying to deploy Laps to all my users via GPO but issue i am having is nobody has local admin rights on their machines so obviously the install wont work with user config and i cant really use computer configuration as most of my users are now working from home and are not logged into the vpn at startup/shutdown so the policy never triggers. Is there another way to achieves this?
Asked
Active
Viewed 322 times
2 Answers
0
As long as your clients' firewalls allow connections from insight the vpn, you could install LAPS through psexec:
psexec.exe \\<VPNCLIENT> -s msiexec.exe /i \\<SERVER>\<DEPLOY>\laps.msi
There is not really a way to trigger ist this remotely without applying GPOs; the only way around this would be connection to the VPN before login.
bjoster
- 4,805
- 5
- 25
- 33
0
You can get around this issue by deploying a scheduled task in a Group Policy preference. Have the task kick off on creation or some interval. You should write a small script to first verify if the install is needed or not before running the installer. Run the task as the SYSTEM user and target the policy to your LAPS clients.
Once the user is on the VPN, the computer will eventually update it's group policy and will run your task.
twconnell
- 902
- 5
- 13