Op 12-04-2023 om 09:57 schreef Rowland Penny via samba:> > > On 12/04/2023 08:51, Kees van Vloten via samba wrote: >> >> Op 12-04-2023 om 09:47 schreef Arnaud FLORENT via samba: >>> Hello everybody >>> >>> >>> does/will samba AD support t LAPS GPO ? >>> >>> https://learn.microsoft.com/en-us/windows-server/identity/laps/laps-overview >>> >>> >>> >>> As far as I understand, this requires schema extension >> https://learn.microsoft.com/en-us/windows-server/identity/laps/laps-technical-reference >> >> >> >> Here's a good description of what to do: >> https://samba.tranquil.it/doc/en/samba_advanced_methods/samba_configure_laps.html#configuring-laps-for-samba-ad >> >> >> >> - Kees. >> >> > > Let me say at the start, I do not use LAPS, but isn't the TranquilIT > page about using the legacy version and there appears to be a new kid > in town ? > > RowlandI think that is SRP, which is described in the same document. - Kees.
Op 12-04-2023 om 09:57 schreef Rowland Penny via samba:> > > On 12/04/2023 08:51, Kees van Vloten via samba wrote: >> >> Op 12-04-2023 om 09:47 schreef Arnaud FLORENT via samba: >>> Hello everybody >>> >>> >>> does/will samba AD support t LAPS GPO ? >>> >>> https://learn.microsoft.com/en-us/windows-server/identity/laps/laps-overview >>> >>> >>> >>> As far as I understand, this requires schema extension >> https://learn.microsoft.com/en-us/windows-server/identity/laps/laps-technical-reference >> >> >> >> Here's a good description of what to do: >> https://samba.tranquil.it/doc/en/samba_advanced_methods/samba_configure_laps.html#configuring-laps-for-samba-ad >> >> >> >> - Kees. >> >> > > Let me say at the start, I do not use LAPS, but isn't the TranquilIT > page about using the legacy version and there appears to be a new kid > in town ? > > RowlandI think that is SRP, which is described in the same document. - Kees. It is indeed, I found this: Software Restriction Policies <https://docs.microsoft.com/windows-server/identity/software-restriction-policies/software-restriction-policies>(SRP) in Group Policy: Instead of using the Software Restriction Policies through Group Policy, you can useAppLocker <https://docs.microsoft.com/windows/security/threat-protection/applocker/applocker-overview>orWindows Defender Application Control <https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control>to control which apps users can access and what code can run in the kernel.
On 12/04/2023 09:12, Kees van Vloten via samba wrote:> > Op 12-04-2023 om 09:57 schreef Rowland Penny via samba: >> >> >> On 12/04/2023 08:51, Kees van Vloten via samba wrote: >>> >>> Op 12-04-2023 om 09:47 schreef Arnaud FLORENT via samba: >>>> Hello everybody >>>> >>>> >>>> does/will samba AD support t LAPS GPO ? >>>> >>>> https://learn.microsoft.com/en-us/windows-server/identity/laps/laps-overview >>>> >>>> >>>> As far as I understand, this requires schema extension >>> https://learn.microsoft.com/en-us/windows-server/identity/laps/laps-technical-reference >>> >>> >>> Here's a good description of what to do: >>> https://samba.tranquil.it/doc/en/samba_advanced_methods/samba_configure_laps.html#configuring-laps-for-samba-ad >>> >>> >>> - Kees. >>> >>> >> >> Let me say at the start, I do not use LAPS, but isn't the TranquilIT >> page about using the legacy version and there appears to be a new kid >> in town ? >> >> Rowland > > I think that is SRP, which is described in the same document. > > - Kees. > > >Not sure you are correct there, 'legacy' uses 2 attributes, the new one uses 7, see here: https://learn.microsoft.com/en-us/windows-server/identity/laps/laps-technical-reference Rowland