You probably know about the newer Windows LAPS (now in GPO > System\LAPS), but are you really taking advantage of all its capabilities?
What’s “new” in LAPS?
- Password Backup for DSRM accounts
- Password Encryption for extra security
- Automatic Account Management (not just the built-in Administrator)
- Backup Directory Configuration
But here’s what really caught my attention:
- Improved Readability Mode – No more struggling to rewrite complex passwords! A simple change that makes LAPS so much more user-friendly.
- Post Authentication Actions – Decide what happens after usage:
- Reset the password
- Log off the account
- Reboot the machine
- Even terminate all remaining processes!
Practice Verified Codes and Commands:
1. Enable LAPS in Group Policy:
Import-Module AdmPwd.PS Update-AdmPwdADSchema Set-AdmPwdComputerSelfPermission -OrgUnit "OU=Computers,DC=domain,DC=com"
2. Configure LAPS Policy:
Set-AdmPwdPasswordComplexity -Complexity "LargeLetters, SmallLetters, Numbers, Special" Set-AdmPwdPasswordLength -Length 14
3. Retrieve LAPS Password:
Get-AdmPwdPassword -ComputerName "Computer01"
4. Reset LAPS Password:
Reset-AdmPwdPassword -ComputerName "Computer01"
5. Configure Post-Authentication Actions:
Set-AdmPwdPostAuthenticationAction -Action "ResetPassword"
What Undercode Say:
LAPS (Local Administrator Password Solution) is a powerful tool for managing local administrator passwords in a Windows environment. The new features, such as password backup for DSRM accounts and improved readability mode, make it even more versatile. The ability to configure post-authentication actions adds an extra layer of security, allowing administrators to reset passwords, log off accounts, reboot machines, or terminate processes after usage.
To further enhance your cybersecurity posture, consider integrating LAPS with other security tools and practices. For example, you can use PowerShell scripts to automate the deployment and management of LAPS across your network. Additionally, combining LAPS with Windows Defender and other endpoint protection solutions can provide a comprehensive security framework.
Here are some additional commands and tips to maximize the benefits of LAPS:
- Audit LAPS Usage:
Get-AdmPwdPassword -ComputerName "Computer01" | Export-Csv -Path "C:\LAPS_Audit.csv"
Monitor LAPS Events:
Get-WinEvent -LogName "Microsoft-Windows-LAPS/Operational"
Backup LAPS Passwords:
Backup-AdmPwdPassword -ComputerName "Computer01" -BackupPath "C:\LAPS_Backup"
Integrate LAPS with SIEM:
Configure your SIEM to monitor LAPS events and alerts for suspicious activities.Automate LAPS Deployment:
Use Group Policy Objects (GPOs) to automate the deployment of LAPS across your domain.Secure LAPS with Encryption:
Ensure that LAPS passwords are encrypted both in transit and at rest.Regularly Update LAPS:
Keep LAPS updated to the latest version to benefit from new features and security patches.Train Your Team:
Provide training for your IT staff on how to effectively use and manage LAPS.Document LAPS Configuration:
Maintain detailed documentation of your LAPS configuration and policies.Test LAPS in a Lab Environment:
Before deploying LAPS in production, test it in a lab environment to ensure compatibility and effectiveness.Monitor LAPS Performance:
Regularly monitor the performance of LAPS to ensure it is functioning as expected.Review LAPS Logs:
Periodically review LAPS logs for any anomalies or issues.Implement LAPS Best Practices:
Follow best practices for LAPS implementation, such as using strong passwords and regularly rotating them.Combine LAPS with Other Security Measures:
Use LAPS in conjunction with other security measures, such as multi-factor authentication and network segmentation.Stay Informed:
Keep up-to-date with the latest developments and updates related to LAPS.
By following these tips and commands, you can maximize the benefits of LAPS and enhance the security of your Windows environment. Remember, cybersecurity is an ongoing process, and tools like LAPS are just one piece of the puzzle. Stay vigilant, stay informed, and always be prepared to adapt to new threats and challenges.
Additional Resources:
References:
Hackers Feeds, Undercode AI
