The following guide describes how to add a PowerShell script in a custom credentials entry to connect on a remote machine using Windows LAPS (formerly Microsoft Laps).
Windows LAPS is required and must be properly configured in your environment to use this solution.
-
In Remote Desktop Manager, create a new entry in the ribbon under the Edit tab.
-
In Credential management, select the Custom entry type.
-
Name your entry and select its destination folder.
-
In the General tab, make sure the drop-down menu is set to PowerShell.
-
Add the following PowerShell script in the Command box.
Please note that the script uses the $HOST$ variable for the
-ComputerName
switch of theGet-LapsADPassword
cmdlet and use the $PARAMETER1$ variable for the username (see step 6 below).Import-Module LAPS -ErrorAction SilentlyContinue $isImport = Get-Module -List LAPS if ($isImport) { try { $null2 = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain() $isDomain = $true } catch { $isDomain = $false } if ($isDomain) { $MyPassword=Get-LapsADPassword -Identity $PARAMETER1$ -AsPlainText if ($MyPassword.Password) { $Result.Username="%USERNAME%" $Result.Password=$MyPassword.Password } else { $Result.Cancel=$True $Result.ErrorMessage="LAPS did not return any value!" } } else { $Result.Cancel=$True $Result.ErrorMessage="Your computer must be connected to a domain to use LAPS features!" } } else { $Result.Cancel=$True $Result.ErrorMessage="The LAPS module must be installed in this architecture!" }
-
In the Parameters tab, add the local administrator account name in the Parameter #1 field.
-
Click Add to save the entry in the specified destination folder.
-
In your RDP entry properties, set the Credentials property to use the newly created Custom credentials entry.
-
Still in the RDP entry properties, go to Advanced – Advanced.
-
Set the Override domain property to Use Host Name and the Username format property to {Domain}\{User}.
-
Click on Update to save your changes.
The RDP entry is now ready to be used and connect with the local administrator account managed by Windows LAPS.