LAPS
Last updated
Was this helpful?
Last updated
Was this helpful?
The "Local Administrator Password Solution" (LAPS) provides management of local account passwords of domain joined computers. Passwords are stored in Active Directory (AD) and protected by ACL, so only eligible users can read it or request its reset.
This page is about enumeration, you may have a look on LAPS-based attacks and
We can check if LAPS is installed by enumerating related files and folders
By reading the GPO configuration file, you may retreive following informations: Password complexity, Password length, Password chage frenquency, the LAPS managed account name, and password expiration protection policy.
If LAPS is deployed by GPO, we can identify the configuration file to discover some details about the configuration.
We may enumerate if LAPS is installed by checking GPOs with .
The is a tool to audit and attack LAPS environments. We may use following commands to enum computers which have LAPS enabled.
After downloading the GPO registry.pol file which location is at the gpcfilesyspath
obtained while enumerating GPOs, we can useParse-PolFile
from and obtain LAPS related informations.
You may enumerate principals that can read the LAPS password on given systems by using , , or even .
We can enumerate who can read the LAPS password using 's .
We can enumerate who can read the LAPS password using (LAPS PowerShell module). You can check if it's installed as follow:
The is a tool to audit and attack LAPS environments. We may use following commands to enum users that can read LAPS passwords.