This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Bitlocker keys

Go to solution
informatica1
Engaged Sweeper

‎05-20-2022 10:04 AM

Hello,

I'm using lansweeper to report bitlocker keys in ad, however it only works if the user have domain admin rights something that i don't pretend!

I follow the guide to give lanswepper user local admin on machines and domain user in ad, but with that bitlocker report is empty...
Labels:
0 Kudos
1 ACCEPTED SOLUTION
Go to solution
SWResearch
Engaged Sweeper II
In response to informatica1

‎05-20-2022 02:34 PM

Apologies I was mixing up LAPS attribute and BitLocker recovery information, the attribute was msFVE-REcoveryInformation, see the following for details on setting up access, https://kb.wisc.edu/iam/page.php?id=72670

View solution in original post

0 Kudos
5 REPLIES 5
Go to solution
informatica1
Engaged Sweeper

‎05-20-2022 10:25 AM

Is possible to create an account able to retrive the keys but don't have domain admin rights?
0 Kudos
Go to solution
SWResearch
Engaged Sweeper II
In response to informatica1

‎05-20-2022 10:43 AM

It doesn't require Domain Admin rights, just needs permissions to manage computer objects. For example all of our helpdesk staff have access to objects, i.e. so they can move them between OUs, delete or add computers, but they're not members of the Domain Admin group.

0 Kudos
Go to solution
informatica1
Engaged Sweeper
In response to SWResearch

‎05-20-2022 12:04 PM

SWResearch wrote:
It doesn't require Domain Admin rights, just needs permissions to manage computer objects. For example all of our helpdesk staff have access to objects, i.e. so they can move them between OUs, delete or add computers, but they're not members of the Domain Admin group.



So should i create a group with that permissions or windows already have an pre created group with that settings?

Thanks
0 Kudos
Go to solution
SWResearch
Engaged Sweeper II
In response to informatica1

‎05-20-2022 02:34 PM

Apologies I was mixing up LAPS attribute and BitLocker recovery information, the attribute was msFVE-REcoveryInformation, see the following for details on setting up access, https://kb.wisc.edu/iam/page.php?id=72670
0 Kudos
Go to solution
SWResearch
Engaged Sweeper II

‎05-20-2022 10:18 AM

ccm wrote:
Hello,

I'm using lansweeper to report bitlocker keys in ad, however it only works if the user have domain admin rights something that i don't pretend!

I follow the guide to give lanswepper user local admin on machines and domain user in ad, but with that bitlocker report is empty...


Account requires access to computer objects in AD, to access ms-Mcs-AdmPwd attribute on the computer object.
0 Kudos

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now