Purpose:
General guidance on using the Local Administrator Password Solution (LAPS) with PDQ Inventory version 14+ and PDQ Deploy (Enterprise mode required for both products).
IMPORTANT:
Resolution:
If not already completed, set up LAPS in your environment. Detailed instructions are available in this article, Configuring LAPS In Your Environment.
After having successfully configured and tested LAPS in your environment, you can use LAPS with PDQ Inventory and PDQ Deploy.
Using LAPS with PDQ Inventory:
In order to use LAPS with PDQ Inventory, the LAPS user credentials must be configured.
1. Go to Options > Credentials and click the Add LAPS button.
2. In the "Add LAPS Credentials" window, enter the appropriate information:
IMPORTANT: The domain credentials (e.g. User Name) in the above example must have read permissions for the LAPS password, which is set during LAPS configuration in the domain.
3. Test the credentials using the Test Credentials button and, when successful, click OK.
4. Select the LAPS account [a default setup of LAPS uses the local Administrator account. We recommend you create a different account as detailed here], if not already selected, and click the Set Default button to make the LAPS credentials the default scan user (optional, but highly recommended):
Using LAPS with PDQ Deploy (requires PDQ Inventory):
While no native support for LAPS exists within PDQ Deploy, LAPS can be used for deployments in conjunction with PDQ Inventory.
Prerequisites:
You can use LAPS during a deployment with either a schedule or Deploy Once. To use with a schedule, select Use PDQ Inventory Scan User credentials first, when available.
And in the Deploy Once window
In both cases, where the LAPS user is set as the Scan User, PDQ Deploy will attempt to use the LAPS credentials as defined in PDQ Inventory before the credentials defined in PDQ Deploy.
See Also:
Configuring LAPS In Your Environment
Using Scan User credentials (video): Managing Domain and Non-Domain Machines Within PDQ
Configuring LAPS and PDQ, a webcast:
LAPS (external sites):
Microsoft’s Official Download & Documentation: Local Administrator Password Solution (LAPS)
TechNet: Local Administrator Password Solution
TechNet Blog: Local Administrator Password Solution (LAPS) Implementation Hints and Security Nerd Commentary