LAPS – Securing Local Administrator Accounts

Presentation

LAPS (Local Administrator Password Solution) is a free solution provided by Microsoft for securing workstations.

LAPS allows each computer in an OU to randomly generate a password for the local Administrator account and store it in an Active Directory attribute (ms-Mcs-AdmPwd). It relies on the SID of the account, which is structured in the same way on every workstation. This makes it possible to apply LAPS to any language version of Windows, or even when the administrator account has been renamed.

It is also possible to configure a password expiration date (ms-Mcs-AdmPwdExpirationTime), which forces a new password to be generated for the local Administrator account.
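As an added example (not part of the original article), the PowerShell function below classifies computers by LAPS state using only the ms-Mcs-AdmPwdExpirationTime attribute, so the audit never has to read the password itself. The computer names, the OU path in the final comment and the fixed reference date are constructed for illustration.

```powershell
function Get-LapsState {
    [CmdletBinding()]
    param(
        # Any object exposing Name and ms-Mcs-AdmPwdExpirationTime,
        # for example the output of Get-ADComputer.
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Computer,

        # Reference time; injectable so results are repeatable.
        [datetime]$Now = [datetime]::UtcNow
    )
    process {
        $raw = $Computer.'ms-Mcs-AdmPwdExpirationTime'
        if ($null -eq $raw -or [int64]$raw -eq 0) {
            # No expiration recorded: the client has never stored a password.
            $state   = 'NeverSet'
            $expires = $null
        } else {
            # The attribute is a 64-bit Windows FILETIME
            # (100 ns ticks since 1601-01-01 UTC).
            $expires = [datetime]::FromFileTimeUtc([int64]$raw)
            $state   = if ($expires -lt $Now.ToUniversalTime()) { 'Expired' } else { 'Current' }
        }
        [pscustomobject]@{
            Name       = $Computer.Name
            State      = $state
            ExpiresUtc = $expires
        }
    }
}

# Constructed sample objects standing in for Active Directory computer accounts.
$now = [datetime]::new(2024, 1, 15, 0, 0, 0, [System.DateTimeKind]::Utc)
$sample = @(
    [pscustomobject]@{ Name = 'WS-001'; 'ms-Mcs-AdmPwdExpirationTime' = $now.AddDays(20).ToFileTimeUtc() }
    [pscustomobject]@{ Name = 'WS-002'; 'ms-Mcs-AdmPwdExpirationTime' = $now.AddDays(-3).ToFileTimeUtc() }
    [pscustomobject]@{ Name = 'WS-003'; 'ms-Mcs-AdmPwdExpirationTime' = $null }
)
$sample | Get-LapsState -Now $now | Format-Table -AutoSize

# Against a live domain (hypothetical OU path, requires the ActiveDirectory module):
# Get-ADComputer -Filter * -SearchBase 'OU=Workstations,DC=example,DC=com' `
#     -Properties 'ms-Mcs-AdmPwdExpirationTime' | Get-LapsState
```

Computers reported as NeverSet or Expired are the ones to check for a missing client DLL or a group policy that is not being applied.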

LAPS follows a client/server model: it requires installing a component on the domain controller server(s) and registering a DLL on the client computers.

Prerequisites:

  • Minimum server: Windows 2003 SP1.
  • Minimum workstation: Windows 8.1.

If you are in an environment with multiple domain controllers, you must install the group policy definitions on all servers or use a central store. In the second case, the files (%WINDIR%\PolicyDefinitions\AdmPwd.admx and %WINDIR%\PolicyDefinitions\en-US\AdmPwd.adml) must be copied to the central store after installation.

 

Download LAPS.


