Installing the app
The Lithnet LAPS web app is an ASP.NET application that runs on IIS on Windows Server 2008 R2 and above.
- Deploy LAPS across your fleet. Getting LAPS up and running is out of scope of this guide. Make sure LAPS is working and you can read the LAPS passwords using the Microsoft-provided tools.
- Create a service account to run the LAPS web app as, and configure it with permissions to read your LAPS passwords and, optionally, to set LAPS expiry dates
- Obtain an SSL certificate for your web site
- Install IIS on your LAPS server with the following minimum role services:
  - .Net Extensibility (v4.x)
  - ASP.NET (v4.x)
  - ISAPI Extensions
  - ISAPI Filters
- Create a folder to host the web site (usually C:\inetpub\LAPS) and unzip the latest build from the releases page into this folder
- Open IIS Manager, right-click Application Pools and select Add Application Pool. Name the application pool LAPSWeb, set the framework version to .NET Framework 4, and ensure that the Integrated pipeline mode is selected.
- Right-click the newly created application pool, and select Advanced settings. Modify the Identity to the service account you created in the prerequisites section
- In the IIS Manager, right click Add web site. Set your site name, and ensure you select the application pool that was created in the previous step. Specify the path you unzipped the content to (e.g. C:\inetpub\lapsweb). It is strongly recommended to use an HTTPS binding with an appropriate certificate.
- If you plan on using Windows Authentication, ensure that Windows Authentication is enabled, and all others are disabled. If you plan on using WS-Federation or OpenID Connect, ensure that Anonymous authentication is enabled and all others are disabled. Note that additional steps are required to configure the authentication type; these are detailed on the authentication options page.
- Run the following commands from an admin command prompt on the server, substituting LAPS for the name of your IIS site you created in step 4:
%windir%\system32\inetsrv\appcmd.exe unlock config -section:system.webServer/handlers
%windir%\system32\inetsrv\appcmd.exe unlock config "LAPS" -section:system.webServer/handlers /commit:site
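
Once the steps above are complete, the resulting IIS configuration can be checked from an elevated PowerShell prompt. The script below is an added example, not part of the Lithnet project; the parameter defaults (site LAPS, pool LAPSWeb, Windows authentication) are assumptions to replace with your own values.

```powershell
# Added example: audits an IIS site against the settings described in this guide.
# The default names below are assumptions; pass your own site and pool names.
param(
    [string]$SiteName = 'LAPS',
    [string]$PoolName = 'LAPSWeb',
    [ValidateSet('Windows', 'Federated')]   # Federated = WS-Federation or OpenID Connect
    [string]$AuthMode = 'Windows'
)

Import-Module WebAdministration
$findings = @()

# Application pool: .NET Framework 4, Integrated pipeline, dedicated service account
$pool = Get-Item "IIS:\AppPools\$PoolName"
if ($pool.managedRuntimeVersion -ne 'v4.0') {
    $findings += "Pool runtime is '$($pool.managedRuntimeVersion)', expected v4.0"
}
if ($pool.managedPipelineMode -ne 'Integrated') {
    $findings += 'Pool is not using the Integrated pipeline mode'
}
if ($pool.processModel.identityType -ne 'SpecificUser') {
    $findings += "Pool identity is $($pool.processModel.identityType), expected the LAPS service account"
}

# Site: must run in the pool above and should be served over HTTPS
$site = Get-Item "IIS:\Sites\$SiteName"
if ($site.applicationPool -ne $PoolName) {
    $findings += "Site runs in pool '$($site.applicationPool)', expected '$PoolName'"
}
$protocols = @(Get-WebBinding -Name $SiteName | ForEach-Object { $_.protocol })
if ($protocols -notcontains 'https') { $findings += 'Site has no HTTPS binding' }
if ($protocols -contains 'http')     { $findings += 'Site also has a plain HTTP binding' }

# Authentication: only the scheme chosen for this deployment may be enabled
$expected = if ($AuthMode -eq 'Windows') { 'windowsAuthentication' } else { 'anonymousAuthentication' }
foreach ($scheme in 'anonymousAuthentication', 'windowsAuthentication',
                    'basicAuthentication', 'digestAuthentication') {
    $attr = Get-WebConfigurationProperty -PSPath "IIS:\Sites\$SiteName" -Name enabled `
        -Filter "system.webServer/security/authentication/$scheme" -ErrorAction SilentlyContinue
    $enabled = [bool]($attr -and $attr.Value)   # a section that cannot be read counts as disabled
    if ($scheme -eq $expected -and -not $enabled) { $findings += "$scheme should be enabled" }
    if ($scheme -ne $expected -and $enabled)      { $findings += "$scheme should be disabled" }
}

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else           { "Site '$SiteName' matches the configuration described in this guide." }
```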