
poorMans CloudLAPS

A simple solution for servers.

It all started with leanLAPS from LiebenConsulting: leanLAPS

Forked from simpleLAPS by TrueKillRob: https://github.com/TrueKillRob/slaps/tree/main

Features

  • Does not require or modify registry keys
  • Does not store passwords locally
  • Can automatically rename the local Administrator account
    • Can remove/clean up any other local admin accounts
    • Administrators group cleanup can be filtered by SID
  • Stores passwords in Azure Key Vault, keyed by computer name
  • Authentication using an Azure app registration
  • Least-privilege access: the app only requires the 'Set Secret' permission on the Key Vault (it cannot read secrets)
  • Logs activities to a Log Analytics workspace
  • Does not need external PowerShell modules
  • Does not use/need Intune
  • Uses Windows Password expiration policy to establish password reset cadence

Prerequisites

  • Source code from here
  • A method for deploying files and scheduled tasks to the intended computers
  • Microsoft Azure Key Vault
  • Microsoft Azure Log Analytics

Creation of Azure KeyVault and Log Analytics Workspace

  1. Log on to Azure
  2. Create a resource group or use an existing one
  3. Create a Key Vault in a region of your choice
  4. Set permissions on your Key Vault using RBAC
  5. Create a Log Analytics workspace: https://learn.microsoft.com/en-us/azure/azure-monitor/logs/quick-create-workspace?tabs=azure-portal

Creating a parameters file

  1. Run createConfig.ps1 to create a sample configuration file
  2. Modify the parameters as needed
  3. Rename the config template file to CloudLAPS.xml; it must be in the same folder where the script resides and is run from.

Installation of CloudLAPS.ps1

  1. On a test computer, create a folder such as C:\Temp\CloudLAPS
  2. Clone this repo or download the CloudLAPS.ps1 file
  3. Copy the XML file into the same folder under the name CloudLAPS.xml.
  4. Open a PowerShell prompt, change to the folder and run the script.
  5. Check the local Application log for a successful result
  6. Check the Log Analytics workspace for activity
  7. Check the Key Vault for the updated secret
  8. If all works, create a Scheduled Task that runs this script as SYSTEM with the desired frequency.
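What one rotation run with the properties listed under Features looks like, as an added example that is not the project's CloudLAPS.ps1: the app token comes from the client-credentials flow, the secret is written with a single PUT that needs only the 'Set' permission, and the local password expiration policy decides whether anything happens at all. The tenant, app and vault identifiers are placeholders; naming the secret after the computer follows the README, and the built-in LocalAccounts cmdlets are assumed to be available (Windows PowerShell 5.1 or later).

```powershell
# Added example, not the project's script: one rotation run with the properties the README lists.
# Placeholders to replace: TenantId, ClientId, ClientSecret, VaultName (assumed, not from the project).
param(
    [string]$TenantId     = 'REPLACE-TENANT-ID',
    [string]$ClientId     = 'REPLACE-APP-CLIENT-ID',
    [string]$ClientSecret = 'REPLACE-APP-CLIENT-SECRET',
    [string]$VaultName    = 'REPLACE-VAULT-NAME',
    [string]$AdminName    = 'Administrator'
)

function New-RandomPassword {
    param([int]$Length = 24)
    # 64-character set so that (byte mod 64) is unbiased; bytes come from the OS CSPRNG, not Get-Random
    $chars = [char[]]'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_'
    $bytes = New-Object byte[] $Length
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    return -join ($bytes | ForEach-Object { $chars[$_ -band 63] })
}

function Get-KeyVaultToken {
    # Client-credentials flow; the token is scoped to Key Vault only
    $body = @{
        grant_type = 'client_credentials'; client_id = $ClientId
        client_secret = $ClientSecret;      scope = 'https://vault.azure.net/.default'
    }
    $uri = "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token"
    return (Invoke-RestMethod -Method Post -Uri $uri -Body $body).access_token
}

function Set-KeyVaultSecret {
    param([string]$Name, [string]$Value, [string]$Token)
    # PUT /secrets/{name} needs only the secret 'Set' permission; the app is never able to read it back
    $uri = "https://$VaultName.vault.azure.net/secrets/$Name?api-version=7.4"
    $payload = @{ value = $Value; attributes = @{ enabled = $true } } | ConvertTo-Json
    Invoke-RestMethod -Method Put -Uri $uri -ContentType 'application/json' `
        -Headers @{ Authorization = "Bearer $Token" } -Body $payload | Out-Null
}

$user = Get-LocalUser -Name $AdminName
# Cadence comes from the local password policy: rotate only once Windows reports the password expired
if ($user.PasswordExpires -and $user.PasswordExpires -gt (Get-Date)) {
    Write-Host "Password for $AdminName is valid until $($user.PasswordExpires); nothing to do"
    return
}
$newPassword = New-RandomPassword
# Upload first, then change locally: a failed upload must never leave a password nobody has recorded
Set-KeyVaultSecret -Name $env:COMPUTERNAME -Value $newPassword -Token (Get-KeyVaultToken)
Set-LocalUser -Name $AdminName -PasswordNeverExpires $false `
    -Password (ConvertTo-SecureString $newPassword -AsPlainText -Force)
```

Because the app cannot read secrets, a failure in Set-LocalUser after a successful upload leaves a vault entry that does not match the live password; the Log Analytics entry the README describes is what a reader of that secret would use to spot such a run.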

TODO:

  1. Switch to Managed Identity authentication (Azure VM and Arc Onboarded Servers).
