Adding the ReadSharedUser Right

When implementing LAMS (LAPS at the MSP scale) a new Right has to be added to the Management Console to grant techs the right to read the shared user’s password. The name of the Right is “ReadSharedUser” and the type of the right has to match the type of the agent. The right type must match the type of the agent and will be “SharedLocalMachine” in almost all cases. To add the Right follow these steps.

  1. Login to the Management Console
  2. Click on “RIGHTS” on the menu on the far left.
  3. At the bottom of the page click on “Create New Right”
  4. Fill in the following information
    1. Name: ReadSharedUser
    2. Account Type: SharedLocalMachine
    3. Description: Read Shared User (LAMS)
  5. Click “CREATE” and there should be a right that looks like the screen shot. 

Now that you have created the right you need to grant the right to some techs. 

Create a Right Group, or use an existing Right Group, and put the new right in the group.

Create a Triplet, or use an existing Triplet, and grant some group of techs the new right on the LAMS agent(s). 

If there are any questions, please contact