In Active Roles is there a way to track who can view the LAPS password attribute? We were looking way to audit who views the attribute ms-Mcs-AdmPwd.
- Products
- Solutions
- Resources
- Trials
- Support
- Partners
- Communities
In Active Roles is there a way to track who can view the LAPS password attribute? We were looking way to audit who views the attribute ms-Mcs-AdmPwd.
Hello, whitet10.
There is no "out-of-the-box" feature to track this yet, but it is certainly within the realm of accessible configuration. Attached is a video demonstrating one possible means by which to implement this kind of solution. Hope you find it helpful!
Cheers,
Shawn.
What "Command Type" is that? I am trying to recreate what you did.
What "Command Type" is that? I am trying to recreate what you did.
Looks like editing object properties. Basically, you need something to trigger a workflow / policy script to pull the LAPS password value as Shawn did. Within that set of actions, you can also audit who made the request.
The "command" is a standard "show form" command to display a form of my own creation.