
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-20-2022 10:04 AM
Hello,
I'm using lansweeper to report bitlocker keys in ad, however it only works if the user have domain admin rights something that i don't pretend!
I follow the guide to give lanswepper user local admin on machines and domain user in ad, but with that bitlocker report is empty...
I'm using lansweeper to report bitlocker keys in ad, however it only works if the user have domain admin rights something that i don't pretend!
I follow the guide to give lanswepper user local admin on machines and domain user in ad, but with that bitlocker report is empty...
Solved! Go to Solution.
Labels:
- Labels:
-
General Discussion
1 ACCEPTED SOLUTION

Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-20-2022 02:34 PM
Apologies I was mixing up LAPS attribute and BitLocker recovery information, the attribute was msFVE-REcoveryInformation, see the following for details on setting up access, https://kb.wisc.edu/iam/page.php?id=72670
5 REPLIES 5

Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-20-2022 10:25 AM
Is possible to create an account able to retrive the keys but don't have domain admin rights?

Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-20-2022 10:43 AM
It doesn't require Domain Admin rights, just needs permissions to manage computer objects. For example all of our helpdesk staff have access to objects, i.e. so they can move them between OUs, delete or add computers, but they're not members of the Domain Admin group.

Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-20-2022 12:04 PM
SWResearch wrote:
It doesn't require Domain Admin rights, just needs permissions to manage computer objects. For example all of our helpdesk staff have access to objects, i.e. so they can move them between OUs, delete or add computers, but they're not members of the Domain Admin group.
So should i create a group with that permissions or windows already have an pre created group with that settings?
Thanks

Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-20-2022 02:34 PM
Apologies I was mixing up LAPS attribute and BitLocker recovery information, the attribute was msFVE-REcoveryInformation, see the following for details on setting up access, https://kb.wisc.edu/iam/page.php?id=72670

Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-20-2022 10:18 AM
ccm wrote:
Hello,
I'm using lansweeper to report bitlocker keys in ad, however it only works if the user have domain admin rights something that i don't pretend!
I follow the guide to give lanswepper user local admin on machines and domain user in ad, but with that bitlocker report is empty...
Account requires access to computer objects in AD, to access ms-Mcs-AdmPwd attribute on the computer object.
