LAPS

Local Administrator Password Solution provides management of local account passwords for domain connected systems.

Installation

Some of it has to be installed on the server, some of it on the clients.

Server

Modify the registry!

Clients

Only need the GPO CSE (which seems to amount to AdmPwd.dll).

Errors

Insufficient rights when running Schema Update PS. From truedigitalsecurity

If you receive the error “The user has insufficient access rights.” you will want to place yourself in the Schema Admin group, but only until the process is complete, then immediately take the account back out of the group because Schema Admins have access to make changes to the Active Directory Schema, which is the entire backbone of the Active Directory forest environment.