Monday, December 31, 2018

Local Administrator Password Solution(LAPS) - Microsoft Free Password Management Tool

Local Administrator Password Solution (LAPS):

                                                                            is a Microsoft product that manages the local administrator password and stores it in Active Directory (AD). This solution automatically updates the password on a routine basis. The Microsoft Infrastructure (MI) team has implemented the LAPS schema extensions and created a default set of permissions to retrieve a password stored in AD.

 Passwords are stored in Active Directory (AD) and protected by ACL, so only eligible users can read it or request its reset.

LAPS Architectural Diagram:


Img Source: Microsoft


Deployment Steps :




Security

  • Random password that automatically regularly changes on managed machines
  • Effective mitigation of Pass-the-hash attack
  • Password is protected during the transport via Kerberos encryption
  • Password is protected in AD by AD ACL, so granular security model can be easily implemented

Manageability

  • Configurable password parameters: age, complexity and length
  • Ability to force password reset on per-machine basis
  • Security model integrated with AD ACLs
  • End use UI can be any AD management tools of choice, plus custom tools (PowerShell and Fat client) are provided
  • Protection against computer account deletion
  • Easy implementation and minimal footprint

Requirements

  • Active Directory:
    • Windows 2003 SP1 and above
  • Managed/Client machines:
    • Windows Server 2016
    • x86 or x64
    • Windows Server 2012 R2 Datacenter
    • Windows Server 2012 R2 Standard
    • Windows Server 2012 R2 Essentials
    • Windows Server 2012 R2 Foundation
    • Windows 8.1 Enterprise
    • Windows 8.1 Pro
    • Windows Server 2012 Datacenter
    • Windows Server 2012 Standard
    • Windows Server 2012 Essentials
    • Windows Server 2012 Foundation
    • Windows 8 Enterprise
    • Windows 8 Pro
    • Windows Server 2008 R2 Service Pack 1
    • Windows 7 Service Pack 1
    • Windows Server 2008 Service Pack 2
    • Windows Vista Service Pack 2
    • Microsoft Windows Server 2003 Service Pack 2
    • Itanium NOT supported
  • Management tools:
    • .NET Framework 4.0
    • PowerShell 2.0 or above
Download Link :

https://www.microsoft.com/en-us/download/details.aspx?id=46899