In Active Roles is there a way to track who can view the LAPS password attribute? We were looking way to audit who views the attribute ms-Mcs-AdmPwd.
- Products
- Solutions
- Resources
- Trials
- Support
- Partners
- Communities
In Active Roles is there a way to track who can view the LAPS password attribute? We were looking way to audit who views the attribute ms-Mcs-AdmPwd.
Hello, whitet10.
There is no "out-of-the-box" feature to track this yet, but it is certainly within the realm of accessible configuration. Attached is a video demonstrating one possible means by which to implement this kind of solution. Hope you find it helpful!
Cheers,
Shawn.
What "Command Type" is that? I am trying to recreate what you did.
Looks like editing object properties. Basically, you need something to trigger a workflow / policy script to pull the LAPS password value as Shawn did. Within that set of actions, you can also audit who made the request.
Looks like editing object properties. Basically, you need something to trigger a workflow / policy script to pull the LAPS password value as Shawn did. Within that set of actions, you can also audit who made the request.