Configure LAPS with a Custom Credential entry

This guide describes how to add a PowerShell script to a Custom Credential entry in order to connect to a remote machine using Microsoft LAPS.

Microsoft LAPS is required and must be properly configured in your environment to use this solution.

Steps

  1. In Remote Desktop Manager, create a new Custom Credential entry.

    Create a Custom Credential entry.png

  2. Add the following PowerShell script in General - Command.

    • Please note that it uses the $HOST$ variable for the -ComputerName switch of the Get-AdmPwdPassword cmdlet and uses the $PARAMETER1$ variable for the username (see step 3 below).
      # Load the LAPS module; its availability is checked explicitly below.
      Import-Module AdmPwd.PS -ErrorAction SilentlyContinue
      $isImport = Get-Module -ListAvailable AdmPwd.PS
      if ($isImport)
      {
        # GetComputerDomain() throws when this computer is not joined to a domain.
        try
        {
          $null = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain()
          $isDomain = $true
        }
        catch
        {
          $isDomain = $false
        }
        if ($isDomain)
        {
          # Ask LAPS for the password of the host this entry connects to.
          $MyPassword=Get-AdmPwdPassword -ComputerName:$HOST$
          if ($MyPassword.Password)
          {
            # Hand the account name and the LAPS password back to the entry.
            $Result.Username=$PARAMETER1$
            $Result.Password=$MyPassword.Password
          }
          else
          {
            # No password came back: cancel the connection and report why.
            $Result.Cancel=$True
            $Result.ErrorMessage="LAPS did not return any value!"
          }
        }
        else
        {
          $Result.Cancel=$True
          $Result.ErrorMessage="Your computer must be connected to a domain to use LAPS features!"
        }
      }
      else
      {
        $Result.Cancel=$True
        $Result.ErrorMessage="The LAPS module must be installed in this architecture!"
      }
      
      Add the PowerShell script in General - Command.png
  3. Add the local administrator account name in the Parameter #1 field of the Parameters tab.

    Set local administrator account name in Parameters - Parameter #1.png

  4. Save the Custom Credential entry.

  5. In the RDP entry properties, set the Credentials property to use the newly created Custom Credential entry.

    Set Credential parameter to use the Custom Credential entry.png

  6. In Advanced - Advanced of the RDP entry, set the Override domain property to Use Host Name and the Username format property to {Domain}{User}.

    Set Advanced properties.png

  7. The RDP entry is now ready to use and will connect with the local administrator account managed by Microsoft LAPS.
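
The script in step 2 reports only "LAPS did not return any value!" when the lookup comes back empty. The following pre-flight check is an added example, not part of the original guide or of Devolutions' code: it tests the same three conditions for one host and narrows down an empty result without ever displaying the password. The function name Test-LapsReadiness and the host name PC-EXAMPLE-01 are hypothetical, and the "lacks read rights" diagnosis assumes the expiry timestamp is readable by accounts that cannot read the password itself.

```powershell
# Added example (not Devolutions code): pre-flight check for the LAPS lookup above.
# Run it as the same Windows account that runs Remote Desktop Manager.
function Test-LapsReadiness {            # hypothetical helper name
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$ComputerName)   # the host the RDP entry targets

    $report = [ordered]@{
        ComputerName     = $ComputerName
        ModuleAvailable  = [bool](Get-Module -ListAvailable -Name AdmPwd.PS)
        DomainJoined     = $false
        PasswordReadable = $false
        ExpiresOn        = $null
        Diagnosis        = $null
    }
    if (-not $report.ModuleAvailable) {
        $report.Diagnosis = 'AdmPwd.PS is not installed for this PowerShell architecture.'
        return [pscustomobject]$report
    }
    try {
        $null = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain()
        $report.DomainJoined = $true
    } catch {
        $report.Diagnosis = 'This workstation is not joined to a domain.'
        return [pscustomobject]$report
    }
    try {
        Import-Module AdmPwd.PS -ErrorAction Stop
        $info = Get-AdmPwdPassword -ComputerName $ComputerName -ErrorAction Stop
    } catch {
        $report.Diagnosis = "LAPS lookup failed: $($_.Exception.Message)"
        return [pscustomobject]$report
    }
    # Record only whether a password came back; the value itself is never stored or printed.
    $report.PasswordReadable = -not [string]::IsNullOrEmpty($info.Password)
    # Treat an unset timestamp (null, or a default date of 1601 or earlier) as "no expiry stored".
    if ($info.ExpirationTimestamp -and $info.ExpirationTimestamp.Year -gt 1601) {
        $report.ExpiresOn = $info.ExpirationTimestamp
    }
    if ($report.PasswordReadable) {
        $report.Diagnosis = 'OK: this account can read the LAPS password for the host.'
    } elseif ($report.ExpiresOn) {
        # Assumption: expiry is readable more widely than the password attribute.
        $report.Diagnosis = 'LAPS manages the host, but this account likely lacks password read rights.'
    } else {
        $report.Diagnosis = 'No LAPS data returned: host not managed by LAPS, or no read rights.'
    }
    [pscustomobject]$report
}

Test-LapsReadiness -ComputerName 'PC-EXAMPLE-01'   # constructed host name
```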