How to Deploy the LAPS by SCCM – Part 2

This post demonstrates the deployment procedure for Local Administrator Password Solution (LAPS) via SCCM, continuing from Part 1.

• How to deploy the LAPS by SCCM – Part 1
• How to deploy the LAPS by SCCM – Part 3

Create Task Sequence

Rather than deploying the package directly to device collections, a task sequence approach is recommended. SCCM will show errors even when the deployment is successful because the package deployment does not recognize the exit code.

Steps to Create Task Sequence

1. Create a new custom task sequence

2. Add an Install Package task in the Task Sequence Editor

   • Browse and select the LAPS package created previously
   • Select the Copy File program

3. Configure Operating System conditions on the Options tab

   • Add condition for Operating System Version
   • Select all 64-bit operating systems as needed
   • Repeat the procedure for x86 version

4. Add a Run Command Line task

   • Enter the following command to register the DLL silently:

regsvr32.exe %windir%\AdmPwd.dll /s

The final task sequence should contain three tasks total.

Deploy Task Sequence

Configuration settings ensure silent installation:

1. In Deploy Software Wizard, select Required
2. In User Experience settings, uncheck Show Task Sequence progress to avoid interrupting users

Verify the Deployment

• Monitor progress through the SCCM console’s Monitoring section
• Verify successful installation by checking files on the local machine

The client computer should now be ready for LAPS. Next, we will go through the server-side configuration including schema extension, machine permissions, and Group Policy settings.

Read More

• How to deploy the LAPS by SCCM – Part 1
• How to deploy the LAPS by SCCM – Part 3