How is the username of the local administrator account to be managed defined?

lithnet / access-manager

Access Manager provides web-based access to local admin (LAPS) passwords, BitLocker recovery keys, and just-in-time administrative access to Windows computers in a modern, secure, and user-friendly way.

Other

239 stars 20 forks source link

How is the username of the local administrator account to be managed defined? #150

Closed kyle0440 closed 2 years ago

kyle0440 commented 2 years ago

LAPS has the setting "Name of administrator account to manage" in its GPO, but the Lithnet Access Manager Agent does not. How is this setting supposed to be defined when using the access manager agent?

ryannewington commented 2 years ago

It looks for the built in administrator SID, which is well known and the same on every computer, therefore it doesn't need you to provide the account name.

kyle0440 commented 2 years ago

So when migrating away from a LAPS install (which managed the password of a user that's not the built-in Administrator account), I would need to

set up a GPO to enable the built-in Administrator account, and
switch to using that account for local admin instead?

ryannewington commented 2 years ago

Ah yes. Access manager only manages the built in admin account. So if it's a different account, not just one that's been renamed, we don't have support for that scenario. So as you said, reenable the built in admin and manage that instead.

stale[bot] commented 2 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 7 days if no further activity occurs.