lithnet / access-manager

Access Manager provides web-based access to local admin (LAPS) passwords, BitLocker recovery keys, and just-in-time administrative access to Windows computers in a modern, secure, and user-friendly way.

Query on Delegate Microsoft LAPS password permissions #163

Closed Afsars12 closed 2 years ago

Afsars12 commented 2 years ago

Hi Team,

I have a query regarding delegating Microsoft LAPS password permissions using a script. The script says to simply change the $ou variable to the full DN of the container that contains the computers we want to be able to access with AMS. But it does not say anything about the service account (gMSA). Do we need to enter the SID of the gMSA in the script, or do we need to leave it as is?

$serviceAccountSid = new-object System.Security.Principal.SecurityIdentifier "S-1-5-21-2997827111-2954209351-769455768-368483"

Kindly revert

Afsars12 commented 2 years ago

OK, I think the SID of the gMSA account will get captured during installation of domain and put into the pre-built script.

jemmiegod commented 2 years ago

You are correct, there is no need to update the gMSA if you use AMS to generate the script. It does this automatically for you.
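The following is an added example, not part of the thread and not Lithnet's code: a PowerShell check that the SID embedded in a generated delegation script belongs to the intended service account before the script is run. The function names and the account name `CONTOSO\svc-ams$` are hypothetical; the sample script line is the one quoted in the question.

```powershell
# Added example (not AMS code): verify the SID embedded in a delegation script.
function Get-DelegationScriptSid {
    param([Parameter(Mandatory)][string]$ScriptText)

    # Match the $serviceAccountSid assignment and capture the SID literal.
    $pattern = '\$serviceAccountSid\s*=\s*new-object\s+System\.Security\.Principal\.SecurityIdentifier\s+["''](S-1-[0-9-]+)["'']'
    $m = [regex]::Match($ScriptText, $pattern, 'IgnoreCase')
    if (-not $m.Success) { throw 'No $serviceAccountSid assignment found in script text.' }

    # Constructing the object validates that the literal is a well-formed SID.
    return [System.Security.Principal.SecurityIdentifier]::new($m.Groups[1].Value)
}

function Test-DelegationScriptAccount {
    param(
        [Parameter(Mandatory)][string]$ScriptText,
        [Parameter(Mandatory)][string]$ExpectedAccount  # hypothetical, e.g. 'CONTOSO\svc-ams$'
    )

    $scriptSid = Get-DelegationScriptSid -ScriptText $ScriptText
    try {
        # Resolve the account name to its SID; this needs a domain-joined machine.
        $expectedSid = [System.Security.Principal.NTAccount]::new($ExpectedAccount).Translate(
            [System.Security.Principal.SecurityIdentifier])
    } catch [System.Security.Principal.IdentityNotMappedException] {
        throw "Cannot resolve '$ExpectedAccount' to a SID; check the name and domain connectivity."
    }

    [pscustomobject]@{
        ScriptSid   = $scriptSid.Value
        ExpectedSid = $expectedSid.Value
        Match       = ($scriptSid.Value -eq $expectedSid.Value)
    }
}

# Sample input: the assignment line quoted in the question above.
$sample = @'
$serviceAccountSid = new-object System.Security.Principal.SecurityIdentifier "S-1-5-21-2997827111-2954209351-769455768-368483"
'@

# Replace the account name with your own gMSA (trailing $ included).
Test-DelegationScriptAccount -ScriptText $sample -ExpectedAccount 'CONTOSO\svc-ams$'
```

A `Match` value of `False` means the script would delegate LAPS password read access to a different principal than the one named, which is worth resolving before applying it to the OU.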

stale[bot] commented 2 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 7 days if no further activity occurs.