Download the LAPS application here.
There is a good walkthrough by Kyle Beckman (@kobeckman) that covers this topic well. He does a great job! I’m just adding client install and admin install information, in case you want to use ConfigMgr. I’m going to point you to his blog to get the Active Directory / Group Policy side set up; then you can use the information in this post to deploy the client and admin UI via ConfigMgr.
Part 1 – https://4sysops.com/archives/set-up-microsoft-laps-local-administrator-password-solution-in-active-directory/
Update 9/26/16 – Another nice post about setup: https://modalyitblog.wordpress.com/2016/09/25/automating-management-of-local-administrator-passwords-microsoft-laps/
Deploy Software to Clients w/ ConfigMgr Application
msiexec /i laps.x64.msi /qn
msiexec /i laps.x86.msi /qn
I’m using a custom rule to detect whether the system is x86 or x64; that information can be found here.
Deploy that to all of your clients.
Deploy Admin Tool w/ ConfigMgr Application
Now you’ll need the Admin UI to look up the Passwords for your Service Desk:
Now deploy this to your Service Desk, or make it available to the AD group that you granted permission to look up the passwords; they can then grab it from the Application Catalog.
Once the Admin Install is complete, they will have the LAPS UI app available:
With the client now being pushed and the Group Policies applied to the workstations, they will start to populate those attributes in AD.
Just as a note, if you have a process in place that automatically deletes inactive computers from AD, you will no longer be able to look up the local administrator password once the computer has been removed from AD, as the object in AD that held the local administrator password is gone.
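To check how far the rollout has populated AD, and which machines an inactive-computer cleanup would take the stored password with, here is an added PowerShell example (not from the original post). It assumes the legacy LAPS attribute name `ms-Mcs-AdmPwdExpirationTime`, which the post does not spell out; the function name `Get-LapsCoverage`, the 90-day threshold and the sample objects are made up for illustration.

```powershell
# Added example, not from the original post. Classifies computer objects by the
# legacy LAPS attribute ms-Mcs-AdmPwdExpirationTime (assumed name; FILETIME, UTC).
function Get-LapsCoverage {
    param(
        [Parameter(ValueFromPipeline)] $Computer,
        [int] $StaleDays = 90,                          # assumed cleanup threshold
        [datetime] $Now = (Get-Date).ToUniversalTime()
    )
    process {
        $raw     = $Computer.'ms-Mcs-AdmPwdExpirationTime'
        $logon   = $Computer.lastLogonTimestamp
        $expires = if ($raw)   { [datetime]::FromFileTimeUtc([int64]$raw) }   else { $null }
        $seen    = if ($logon) { [datetime]::FromFileTimeUtc([int64]$logon) } else { $null }

        # Empty attribute: the client install or the GPO has not taken effect yet.
        $status = if (-not $raw) { 'NotPopulated' } elseif ($expires -lt $Now) { 'Expired' } else { 'Current' }

        [pscustomobject]@{
            Name               = $Computer.Name
            Status             = $status
            PasswordExpiresUtc = $expires
            LastLogonUtc       = $seen
            # Stored password plus an old logon: deleting this object from AD
            # also deletes the stored local administrator password.
            AtRiskFromCleanup  = [bool]($raw -and $seen -and ($seen -lt $Now.AddDays(-$StaleDays)))
        }
    }
}

# Constructed sample objects standing in for Get-ADComputer output.
$asOf = [datetime]::new(2016, 10, 1, 0, 0, 0, [DateTimeKind]::Utc)
$sample = @(
    [pscustomobject]@{ Name = 'WS-001'; 'ms-Mcs-AdmPwdExpirationTime' = $asOf.AddDays(20).ToFileTimeUtc(); lastLogonTimestamp = $asOf.AddDays(-2).ToFileTimeUtc() }
    [pscustomobject]@{ Name = 'WS-002'; lastLogonTimestamp = $asOf.AddDays(-1).ToFileTimeUtc() }
    [pscustomobject]@{ Name = 'WS-003'; 'ms-Mcs-AdmPwdExpirationTime' = $asOf.AddDays(5).ToFileTimeUtc(); lastLogonTimestamp = $asOf.AddDays(-200).ToFileTimeUtc() }
)
$sample | Get-LapsCoverage -Now $asOf | Format-Table -AutoSize

# Live use (needs the RSAT ActiveDirectory module and read access to the attribute):
# Get-ADComputer -Filter * -Properties 'ms-Mcs-AdmPwdExpirationTime', lastLogonTimestamp | Get-LapsCoverage
```

The report reads only the expiration timestamp, never the password attribute itself, so it can be run by whoever tracks rollout coverage without granting password-read rights.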