
Does anyone know if it is possible to change the LAPS command so it sets permissions for 1 user to 1 computer? The reason is I want to allow the target user to be able to view his computer's LAPS password. Currently, the

Set-AdmPwdReadPasswordPermission -OrgUnit OU -AllowedPrincipals UsersAndGroups

command sets permissions for a user to read the ms-Mcs-AdmPwd attribute in AD. But the issue is that a user is able to read another computer's ms-Mcs-AdmPwd attribute in the same OU as well.

JosefZ
guest1
  • Why not just grant the user access to read the extended attributes on that one computer object? You don't need a cmdlet for this. – twconnell Apr 27 '18 at 20:55
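
One way to apply what the comment describes, as an added example that is not part of the original thread: put a single non-inherited ACE on one computer object so that one user can read ms-Mcs-AdmPwd there and nowhere else. It assumes the RSAT ActiveDirectory module is available; the function name `Grant-LapsReadOnComputer` and the computer and user names are hypothetical placeholders.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT) and rights to modify
# the DACL of the target computer object.
Import-Module ActiveDirectory

function Grant-LapsReadOnComputer {
    param(
        [Parameter(Mandatory)] [string] $ComputerName,  # placeholder, e.g. 'PC-EXAMPLE01'
        [Parameter(Mandatory)] [string] $UserName       # placeholder, e.g. 'example.user'
    )

    $computer = Get-ADComputer -Identity $ComputerName
    $user     = Get-ADUser -Identity $UserName

    # Resolve the schemaIDGUID of ms-Mcs-AdmPwd from this forest's schema
    # rather than hard-coding it.
    $schemaNC = (Get-ADRootDSE).schemaNamingContext
    $attr = Get-ADObject -SearchBase $schemaNC `
        -LDAPFilter '(lDAPDisplayName=ms-Mcs-AdmPwd)' -Properties schemaIDGUID
    if (-not $attr) { throw 'ms-Mcs-AdmPwd not found in schema (LAPS schema not extended?)' }
    $attrGuid = [Guid] $attr.schemaIDGUID

    # ms-Mcs-AdmPwd is a confidential attribute: ReadProperty alone is not enough,
    # the control-access (ExtendedRight) bit is needed on the same attribute.
    $rights = [System.DirectoryServices.ActiveDirectoryRights]::ReadProperty -bor
              [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

    # Inheritance 'None' keeps the ACE on this one object only.
    $ace = [System.DirectoryServices.ActiveDirectoryAccessRule]::new(
        $user.SID,
        $rights,
        [System.Security.AccessControl.AccessControlType]::Allow,
        $attrGuid,
        [System.DirectoryServices.ActiveDirectorySecurityInheritance]::None)

    $path = "AD:\$($computer.DistinguishedName)"
    $acl  = Get-Acl -Path $path
    $acl.AddAccessRule($ace)
    Set-Acl -Path $path -AclObject $acl

    # Return the ACEs now held by this user on the object so the change can be reviewed.
    (Get-Acl -Path $path).Access |
        Where-Object { $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]) -eq $user.SID }
}

# Grant-LapsReadOnComputer -ComputerName 'PC-EXAMPLE01' -UserName 'example.user'
```

This only narrows access if the user is not also covered by an OU-level grant made with Set-AdmPwdReadPasswordPermission or by "All extended rights" on the OU; those would still expose the other computers' passwords.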
