→ Having trouble accessing our new support portal or creating a ticket? Please notify our team here

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
informatica1
Engaged Sweeper
Hello,

I'm using lansweeper to report bitlocker keys in ad, however it only works if the user have domain admin rights something that i don't pretend!

I follow the guide to give lanswepper user local admin on machines and domain user in ad, but with that bitlocker report is empty...
1 ACCEPTED SOLUTION
Apologies I was mixing up LAPS attribute and BitLocker recovery information, the attribute was msFVE-REcoveryInformation, see the following for details on setting up access, https://kb.wisc.edu/iam/page.php?id=72670

View solution in original post

5 REPLIES 5
informatica1
Engaged Sweeper
Is possible to create an account able to retrive the keys but don't have domain admin rights?
It doesn't require Domain Admin rights, just needs permissions to manage computer objects. For example all of our helpdesk staff have access to objects, i.e. so they can move them between OUs, delete or add computers, but they're not members of the Domain Admin group.

SWResearch wrote:
It doesn't require Domain Admin rights, just needs permissions to manage computer objects. For example all of our helpdesk staff have access to objects, i.e. so they can move them between OUs, delete or add computers, but they're not members of the Domain Admin group.



So should i create a group with that permissions or windows already have an pre created group with that settings?

Thanks
Apologies I was mixing up LAPS attribute and BitLocker recovery information, the attribute was msFVE-REcoveryInformation, see the following for details on setting up access, https://kb.wisc.edu/iam/page.php?id=72670
SWResearch
Engaged Sweeper II
ccm wrote:
Hello,

I'm using lansweeper to report bitlocker keys in ad, however it only works if the user have domain admin rights something that i don't pretend!

I follow the guide to give lanswepper user local admin on machines and domain user in ad, but with that bitlocker report is empty...


Account requires access to computer objects in AD, to access ms-Mcs-AdmPwd attribute on the computer object.