This repository has been archived by the owner on Aug 4, 2024. It is now read-only.
Permissions
Ryan Newington edited this page Jun 24, 2018 · 10 revisions
The Lithnet LAPS web app uses `<targets>` and `<readers>` to control access to computer LAPS password entries.
```xml
<targets>
  <target name="OU=Server Management,DC=dev1,dc=local" type="Container" expire-after="02:00:00">
    <audit emailOnSuccess="true" emailOnFailure="true" emailAddresses="server-admins@lithnet.io"/>
    <readers>
      <reader principal="DEV1\ServerAdmins" />
    </readers>
  </target>
  <target name="OU=Workstations,DC=dev1,dc=local" type="Container" expire-after="03:00:00">
    <audit emailOnSuccess="true" emailOnFailure="true" emailAddresses="desktop-admins@lithnet.io"/>
    <readers>
      <reader principal="DEV1\WorkstationAdmins" />
    </readers>
  </target>
  <target name="IDM-D1AD1-V01" type="Computer" expire-after="01:00:00">
    <audit emailOnSuccess="true" emailOnFailure="true" emailAddresses="domain-admins@lithnet.io"/>
    <readers>
      <reader principal="DEV1\Domain Admins" />
    </readers>
  </target>
</targets>
```
A target is an OU, container, computer, or group whose LAPS password you want to control access to.
```xml
<target name="OU=Server Management,DC=fim-dev1,dc=local"
        type="Container"
        expire-after="02:00:00">
  ...
</target>
```
| Property | Description |
|---|---|
| name | Required. The name of the computer, group, or OU |
| type | Required. The type of the target. Allowed values are `Container`, `Computer` or `Group` |
| expire-after | Optional. The amount of time the password will remain valid for after being accessed. For example, if this is set to `01:00:00` (1 hour) then the LAPS password will be set to expire one hour after it has been accessed |
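A read-only review of a `<targets>` block against the attribute rules in the table above, added here as an example and not part of the Lithnet project's code. It assumes `expire-after` is written as hh:mm:ss as in the samples on this page and compares `type` exactly as written; `review_targets`, `parse_expiry` and the sample XML are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

ALLOWED_TYPES = {"Container", "Computer", "Group"}  # values listed in the table above
HMS = re.compile(r"^(\d{2}):([0-5]\d):([0-5]\d)$")  # assumption: hh:mm:ss, as in the page's samples

def parse_expiry(value):
    """Return the number of seconds in an hh:mm:ss string, or None if it does not match."""
    m = HMS.match(value)
    return None if m is None else int(m[1]) * 3600 + int(m[2]) * 60 + int(m[3])

def review_targets(xml_text):
    """Return (access, findings): the readers granted per target, and attribute problems."""
    access, findings = {}, []
    for i, target in enumerate(ET.fromstring(xml_text).iter("target"), start=1):
        name = target.get("name")
        label = name or f"<target #{i}>"
        if not name:
            findings.append(f"{label}: missing required 'name'")
        ttype = target.get("type")
        if ttype not in ALLOWED_TYPES:  # assumption: compared exactly as written
            findings.append(f"{label}: type {ttype!r} is not Container, Computer or Group")
        expiry = target.get("expire-after")  # optional attribute
        if expiry is not None and parse_expiry(expiry) is None:
            findings.append(f"{label}: expire-after {expiry!r} is not hh:mm:ss")
        readers = [r.get("principal") for r in target.iter("reader")]
        if not readers:
            findings.append(f"{label}: no <reader> entries")
        access[label] = {"type": ttype, "expire_after": expiry, "readers": readers}
    return access, findings

# Constructed sample: one valid target in the page's style, one with three deliberate mistakes.
SAMPLE = """<targets>
  <target name="OU=Server Management,DC=dev1,dc=local" type="Container" expire-after="02:00:00">
    <readers><reader principal="DEV1\\ServerAdmins" /></readers>
  </target>
  <target name="IDM-D1AD1-V01" type="Host" expire-after="1h">
    <readers />
  </target>
</targets>"""

if __name__ == "__main__":
    access, findings = review_targets(SAMPLE)
    for name, entry in access.items():
        print(name, entry)
    for finding in findings:
        print("FINDING:", finding)
```

The `access` map gives a per-target list of principals that can be compared against the intended admin groups during a permissions review.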