Configure LAPS with a custom credentials entry

The following guide describes how to add a PowerShell script in a custom credentials entry to connect to a remote machine using Windows LAPS (formerly Microsoft LAPS).

Windows LAPS is required and must be properly configured in your environment to use this solution.

  1. In Remote Desktop Manager, create a new entry in the ribbon under the Edit tab.

  2. In Credential management, select the Custom entry type.

    Create a Custom credentials entry

  3. Name your entry and select its destination folder.

  4. In the General tab, make sure the drop-down menu is set to PowerShell.

    Set the drop-down menu to PowerShell

  5. Add the following PowerShell script in the Command box.

    Please note that the script uses the $HOST$ variable for the -ComputerName switch of the Get-LapsADPassword cmdlet and uses the $PARAMETER1$ variable for the username (see step 6 below).

    Also note that, depending on your environment, the $PARAMETER$ variable could be related to the -Identity switch.

    You can also configure Parameter #2 to set the username you need and change the script value from %USERNAME% to $PARAMETER2$.

    We recommend launching Remote Desktop Manager as an administrator to gain elevated permissions.

    # Load the Windows LAPS module if present; availability is checked explicitly below.
    Import-Module LAPS -ErrorAction SilentlyContinue
    $isImport = Get-Module -ListAvailable -Name LAPS
    if ($isImport)
    {
        # GetComputerDomain() throws when the local machine is not domain-joined.
        try
        {
            $null = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain()
            $isDomain = $true
        }
        catch
        {
            $isDomain = $false
        }

        if ($isDomain)
        {
            # Query Active Directory for the LAPS password of the identity given in Parameter #1.
            $MyPassword = Get-LapsADPassword -Identity $PARAMETER1$ -AsPlainText
            if ($MyPassword.Password)
            {
                # Hand the credentials back to Remote Desktop Manager through $Result.
                $Result.Username = "%USERNAME%"
                $Result.Password = $MyPassword.Password
            }
            else
            {
                $Result.Cancel = $True
                $Result.ErrorMessage = "LAPS did not return any value!"
            }
        }
        else
        {
            $Result.Cancel = $True
            $Result.ErrorMessage = "Your computer must be connected to a domain to use LAPS features!"
        }
    }
    else
    {
        $Result.Cancel = $True
        $Result.ErrorMessage = "The LAPS module must be installed in this architecture!"
    }
    

    Add the PowerShell script

  6. In the Parameters tab, add the local administrator account name in the Parameter #1 field.

    Set the local administrator account name

  7. Click Add to save the entry in the specified destination folder.

  8. In your RDP entry properties, set the Credentials property to use the newly created Custom credentials entry.

    Set the Credentials parameter to use the Custom credentials entry

  9. Still in the RDP entry properties, go to Advanced – Advanced.

  10. Set the Override domain property to Use Host Name and the Username format property to {Domain}\{User}.

    Set the advanced properties

  11. Click on Update to save your changes.

The RDP entry is now ready to be used to connect with the local administrator account managed by Windows LAPS.
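A pre-flight check for the procedure above, as an added example that is not part of the original guide or of Remote Desktop Manager: run it in a PowerShell console under the same Windows account that launches Remote Desktop Manager to confirm that account can read the LAPS record for a target computer. The function name Test-LapsRetrieval and the -ComputerName script parameter are hypothetical; the password is requested without -AsPlainText, so it is never written to the console.

```powershell
# Added example (not the vendor's code). Save as a .ps1 file and run:
#   .\Test-Laps.ps1 -ComputerName <LAPS-managed computer>   (file name is an assumption)
param(
    [Parameter(Mandatory)]
    [string]$ComputerName
)

function Test-LapsRetrieval {
    param([Parameter(Mandatory)][string]$Identity)

    $report = [ordered]@{
        Identity            = $Identity
        ModuleAvailable     = [bool](Get-Module -ListAvailable -Name LAPS)
        DomainJoined        = $false
        Account             = $null   # account name stored with the LAPS record
        PasswordReturned    = $false  # $true only if this user can read the password
        ExpirationTimestamp = $null
        DecryptionStatus    = $null
        Error               = $null
    }
    if (-not $report.ModuleAvailable) {
        $report.Error = 'LAPS module not found on this machine.'
        return [pscustomobject]$report
    }
    try {
        # Same domain-membership test the credential script performs.
        $null = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain()
        $report.DomainJoined = $true
    }
    catch {
        $report.Error = 'This computer is not joined to a domain.'
        return [pscustomobject]$report
    }
    try {
        # Without -AsPlainText the Password property is a SecureString.
        $laps = Get-LapsADPassword -Identity $Identity -ErrorAction Stop
        $report.Account             = $laps.Account
        $report.PasswordReturned    = [bool]$laps.Password
        $report.ExpirationTimestamp = $laps.ExpirationTimestamp
        $report.DecryptionStatus    = $laps.DecryptionStatus
    }
    catch {
        $report.Error = $_.Exception.Message
    }
    [pscustomobject]$report
}

Test-LapsRetrieval -Identity $ComputerName
```

If PasswordReturned is False while the other fields are populated, the credential script will end with "LAPS did not return any value!" for that account, which points to missing read or decrypt rights on the computer object rather than a problem in the entry itself.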
