3. Check the Administrator account on all devices (LAPS)

Check the Administrator account on all devices (LAPS)

Hmmm you're going at this the wrong way. 1. Enable local admin account via GPO 2. Use LAPS to control it's password 3. Create a domain group for workstation administration 4. Assign this group to the local administrators group on workstations via GPO 5. Each tech/admin needs at least 2 accounts. One as standard user, the other with delegated privileges on desktops. 6. Add this second account to the workstation admins group from step 3

The LAPS password is last resort/breakglass. You cannot audit who did what what this account so it should almost never use it.

Same goes for servers admins. You don't need domain admin rights to manage servers. Least privilege principle is your friend :)

/r/PowerShell Thread Parent
Previous
Next

Recently removed from /r/PowerShell

Why can't I return an empty array from a function? What have you done with PowerShell this month? Is there a way to write a script that could compile a list of known advertisers on reddit, and then add those people to your block list? New to PS - MS-Graph Help Try-Catch Exception error makes no sense. No real line # Trying to make a script that disables a service at all network computers power settings Offboarding security group exclusion? How to run a powershell with parameters using a Batch file(or run it via Task Scheduler) Need Powershell Regex Help - Replace bound string within string PS 7 GUI Backcolor help Any one know how to pass OAuth Token and UPN name in PSCredential Object. Display Directory Path in PowerShell Win Form Need some help with getting metrics from ESXi host, script included, need modifications Here's a script I've written that grabs drivers from a computer and stores them logically somewhere.

More Random Comments

Big insurance bill due to coverage lapsing, do I have to pay it? PM Trudeau: We’re going to be offering government-backed Ukraine Sovereignty Bonds. Canadians will be able to go to major banks to purchase these bonds – and the funds will go to support the Ukrainian government, so they can support the Ukrainian people Friday: Personal Income and Outlays, Pending Home Sales Female draft (US) We fucked up. My friend is pregnant. Armed Individuals In Tactical Gear Are Showing Up At Arizona Ballot Boxes Aaa Honestly, how much money have you made or lost since you starting investing? No one will convince me that Batman VS Superman is a bad movie… Ginger Peanut Noodles On 15 January 2018, the Venezuelan Army and the Venezuelan National Guard launched an operation after discovering the location of Óscar Alberto Pérez the leader of a rebel group. After 3 hours a fully armed, Russian made BTR-80A arrives and ends the fight all survivors were believed to be executed. WIBTA If I Stop Doing My Mom's Hair Because She Hasn't Showered? How do I get my music heard without doing type beats? People who have survived attempted murder, how did it happen? How did you survive? What if Genshin wasn't a gacha