Configure LAPS with a custom credentials entry

The following guide describes how to add a PowerShell script to a custom credentials entry in order to connect to a remote machine using Windows LAPS (formerly Microsoft LAPS).

Windows LAPS is required and must be properly configured in your environment to use this solution.

  1. In Remote Desktop Manager, create a new entry in the ribbon under the Edit tab.
  2. In Credential management, select the Custom entry type.
    Create a Custom credentials entry
  3. Name your entry and select its destination folder.
  4. In the General tab, make sure the drop-down menu is set to PowerShell.
    Set the drop-down menu to PowerShell
  5. Add the following PowerShell script in the Command box.

Please note that the script uses the $HOST$ variable for the `-ComputerName` switch of the `Get-LapsADPassword` cmdlet and uses the $PARAMETER1$ variable for the username (see step 6 below).

Also note that, depending on your environment, the $PARAMETER$ could be related to the `-Identity` parameter.

You can also configure Parameter #2 to set the username you need and change the script value from %USERNAME% to $PARAMETER2$.

We recommend launching Remote Desktop Manager as an administrator to gain elevated permissions.

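```powershell
# Load the Windows LAPS module; a missing module is handled by the check below.
Import-Module LAPS -ErrorAction SilentlyContinue
$isImport = Get-Module -List LAPS
if ($isImport)
{
    # LAPS passwords are read from Active Directory, so this machine must be domain-joined.
    try
    {
        $null = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain()
        $isDomain = $true
    }
    catch
    {
        $isDomain = $false
    }

    if ($isDomain)
    {
        # $PARAMETER1$ and %USERNAME% are replaced by Remote Desktop Manager before the script runs.
        $MyPassword = Get-LapsADPassword -Identity $PARAMETER1$ -AsPlainText
        if ($MyPassword.Password)
        {
            # Hand the credentials back to Remote Desktop Manager through $Result.
            $Result.Username = "%USERNAME%"
            $Result.Password = $MyPassword.Password
        }
        else
        {
            $Result.Cancel = $True
            $Result.ErrorMessage = "LAPS did not return any value!"
        }
    }
    else
    {
        $Result.Cancel = $True
        $Result.ErrorMessage = "Your computer must be connected to a domain to use LAPS features!"
    }
}
else
{
    $Result.Cancel = $True
    $Result.ErrorMessage = "The LAPS module must be installed in this architecture!"
}
```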

Add the PowerShell script

  6. In the Parameters tab, add the local administrator account name in the Parameter #1 field.
    Set the local administrator account name
  7. Click Add to save the entry in the specified destination folder.
  8. In your RDP entry properties, set the Credentials property to use the newly created Custom credentials entry.
    Set the Credentials parameter to use the Custom credentials entry
  9. Still in the RDP entry properties, go to Advanced – Advanced.
  10. Set the Override domain property to Use Host Name and the Username format property to {Domain}\{User}.
    Set the advanced properties
  11. Click on Update to save your changes.

The RDP entry is now ready to use and connects with the local administrator account managed by Windows LAPS.
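When the entry cancels with one of the three error messages from the script, the same lookups can be checked in a regular PowerShell console. The following is an added example, not part of the Devolutions script: the function name `Test-LapsLookup` is hypothetical and `PC-EXAMPLE-01` is a constructed host name. It omits `-AsPlainText`, so the password is never displayed.

```powershell
# Added example: run in a normal PowerShell console, outside Remote Desktop Manager.
# It does not use RDM's $Result object or RDM variables.
function Test-LapsLookup {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$ComputerName   # the value the entry would pass to -Identity
    )

    # Check 1: is the LAPS module available in this session's architecture?
    if (-not (Get-Module -ListAvailable -Name LAPS)) {
        throw 'The LAPS module is not available in this PowerShell session.'
    }
    Import-Module LAPS -ErrorAction Stop

    # Check 2: is this machine domain-joined? (same test as the script above)
    try {
        $null = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain()
    }
    catch {
        throw 'This computer is not joined to a domain, so LAPS cannot be queried.'
    }

    # Check 3: does the lookup return a password for this account?
    # Without -AsPlainText the Password property is a SecureString, so
    # nothing sensitive is written to the console or to a transcript.
    try {
        $entry = Get-LapsADPassword -Identity $ComputerName -ErrorAction Stop
    }
    catch {
        throw "LAPS lookup for '$ComputerName' failed: $($_.Exception.Message)"
    }

    # Summarize what the custom credentials entry would receive.
    [pscustomobject]@{
        ComputerName     = $entry.ComputerName
        Account          = $entry.Account               # managed local account name
        HasPassword      = $null -ne $entry.Password    # $false matches "did not return any value"
        Expires          = $entry.ExpirationTimestamp
        Source           = $entry.Source
        DecryptionStatus = $entry.DecryptionStatus
    }
}

Test-LapsLookup -ComputerName 'PC-EXAMPLE-01'   # constructed host name
```

If `HasPassword` is false, compare `DecryptionStatus` and the permissions of the account running Remote Desktop Manager; the `Account` value shows which local account name LAPS manages on that host.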

Starting with Remote Desktop Manager v.2024.3, LAPS credentials entries are official entries and no longer need to be custom-made. The host's Username setting still needs to be changed to the remote host; otherwise, authentication uses the local host by default. To make this change, enter $HOST$\username (where username stands for the remote host's username) in the GeneralHost - Username field.
