This repository has been archived by the owner on Aug 4, 2024. It is now read-only.

Installing the app

Ryan Newington edited this page Oct 15, 2019 · 12 revisions

The Lithnet LAPS web app is an ASP.NET application that runs on IIS on Windows Server 2008 R2 and above.

Prerequisites

  1. Deploy LAPS across your fleet. Getting LAPS up and running is out of scope of this guide. Make sure LAPS is working and you can read the LAPS passwords using the Microsoft-provided tools.
  2. Create a service account to run the LAPS web app as, and configure it with permissions to read your LAPS passwords and, optionally, to set LAPS expiry dates. This service account must have the "Log on as a batch job" right.
  3. Obtain an SSL certificate for your web site
  4. Install IIS on your LAPS server with the following minimum role services
  • .Net Extensibility (v4.x)
  • ASP.NET (v4.x)
  • ISAPI Extensions
  • ISAPI Filters
  • Static content
  5. Install at least .NET Framework 4.8 on your LAPS server

Installation procedure

  1. Create a folder to host the web site (usually C:\inetpub\LAPS) and unzip the latest build from the releases page into this folder.
  2. Open IIS Manager, right-click Application Pools and select Add Application Pool. Name the application pool LAPSWeb, set the framework version to .NET Framework 4, and ensure that the Integrated pipeline mode is selected.

  3. Right-click the newly created application pool and select Advanced settings. Change the Identity to the service account you created in the prerequisites section.

  4. In IIS Manager, right-click Sites and select Add web site. Set your site name, and ensure you select the application pool that was created in the previous step. Specify the path you unzipped the content to (e.g. C:\inetpub\lapsweb). It is strongly recommended to use an HTTPS binding with an appropriate certificate.

  5. If you plan on using Windows Authentication, select Authentication and ensure Windows Authentication is enabled and all others are disabled. If you plan on using WS-Federation or OpenID Connect, ensure that Anonymous authentication is enabled and all others are disabled. Note that additional steps are required to configure the authentication type; these are detailed on the authentication options page.

  6. Run the following commands from an admin command prompt on the server, substituting LAPS for the name of the IIS site you created in step 4:

%windir%\system32\inetsrv\appcmd.exe unlock config -section:system.webServer/handlers

%windir%\system32\inetsrv\appcmd.exe unlock config "LAPS" -section:system.webServer/handlers /commit:site

  7. Configure access permissions

  8. Review the other configuration settings and modify them as appropriate for your environment
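
To confirm that a finished install matches the steps above, a read-only audit such as the following can be run from an elevated PowerShell prompt on the server. It is an added example, not part of the Lithnet project: the site name LAPS and pool name LAPSWeb come from this page, while the script parameters and the Add-Check helper are made up here. It checks only Windows and Anonymous authentication, not every other authentication module.

```powershell
# Added example: read-only audit of the IIS settings this guide asks for.
# Assumed names: site "LAPS" and pool "LAPSWeb"; pass your own if they differ.
param(
    [string]$SiteName = 'LAPS',
    [string]$PoolName = 'LAPSWeb',
    [ValidateSet('Windows', 'Federated')]   # Federated = WS-Federation or OpenID Connect
    [string]$AuthMode = 'Windows'
)
Import-Module WebAdministration -ErrorAction Stop

$results = New-Object System.Collections.Generic.List[object]
function Add-Check([string]$Name, [bool]$Pass, [string]$Actual) {
    $results.Add([pscustomobject]@{ Check = $Name; Pass = $Pass; Actual = $Actual })
}

# Prerequisite 5: .NET Framework 4.8 or later (registry Release value 528040 and up)
$ndp = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
$release = (Get-ItemProperty $ndp -ErrorAction SilentlyContinue).Release
Add-Check '.NET Framework >= 4.8' ($release -ge 528040) "Release=$release"

# Steps 2-3: pool on .NET v4, Integrated pipeline, running as the service account
$pool = Get-Item "IIS:\AppPools\$PoolName" -ErrorAction Stop
$pm = $pool.processModel
Add-Check 'Pool runtime is v4.0' ("$($pool.managedRuntimeVersion)" -eq 'v4.0') $pool.managedRuntimeVersion
Add-Check 'Pool pipeline is Integrated' ("$($pool.managedPipelineMode)" -eq 'Integrated') $pool.managedPipelineMode
Add-Check 'Pool identity is a specific user' ("$($pm.identityType)" -eq 'SpecificUser') "$($pm.identityType) $($pm.userName)"

# Step 4: the site uses that pool and has an HTTPS binding
$site = Get-Item "IIS:\Sites\$SiteName" -ErrorAction Stop
Add-Check 'Site uses the pool' ($site.applicationPool -eq $PoolName) $site.applicationPool
$protocols = @(Get-WebBinding -Name $SiteName | ForEach-Object { $_.protocol })
Add-Check 'HTTPS binding present' ($protocols -contains 'https') ($protocols -join ',')

# Step 5: exactly one of Windows / Anonymous authentication, depending on the mode
$authRoot = 'system.webServer/security/authentication'
$sitePath = "IIS:\Sites\$SiteName"
$win  = (Get-WebConfigurationProperty -PSPath $sitePath -Filter "$authRoot/windowsAuthentication" -Name enabled).Value
$anon = (Get-WebConfigurationProperty -PSPath $sitePath -Filter "$authRoot/anonymousAuthentication" -Name enabled).Value
$wantWin = ($AuthMode -eq 'Windows')
Add-Check "Windows auth enabled = $wantWin" ($win -eq $wantWin) "$win"
Add-Check "Anonymous auth enabled = $(-not $wantWin)" ($anon -eq (-not $wantWin)) "$anon"

$results | Format-Table -AutoSize
if ($results.Pass -contains $false) { exit 1 }   # non-zero exit when any check fails
```

The script changes nothing; run it with -AuthMode Federated if the site uses WS-Federation or OpenID Connect.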