Eli Weitzman edited this page Nov 6, 2023 · 1 revision

LAPS, or the Local Administrator Password Solution, is Microsoft's solution for randomizing and maintaining zero-trust access to the Windows local administrator account. LAPS currently supports (or is set to support) a variety of scenarios. Here's a breakdown of the methods ETT-LAPS currently supports for password retrieval.

Legacy LAPS

Per Microsoft's latest documentation, Legacy Emulation mode is the stock query currently configured on ETT-LAPS; it queries the LAPS storage location in an on-prem Active Directory environment.

Windows LAPS (On-Prem)

Per Microsoft's latest documentation, this query utilizes Microsoft's latest query structure, using the Get-LAPSADPassword command instead.

Azure AD Windows LAPS

Per Microsoft's latest documentation, Azure AD LAPS utilizes the Microsoft Graph PowerShell module. It also requires an Application Service set up in Azure AD, and the client will request a tenant ID and client ID with which to authenticate against Microsoft Graph.
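
The three retrieval methods above, side by side, as an added example (this is not ETT-LAPS source code). The function name Get-LocalAdminPassword and its parameters are hypothetical; it assumes the ActiveDirectory, LAPS and Microsoft.Graph PowerShell modules are installed and that the caller has been delegated read access to the stored password.

```powershell
# Added example: hypothetical helper, not taken from ETT-LAPS.
function Get-LocalAdminPassword {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ComputerName,   # AzureAD mode: device name or device ID
        [Parameter(Mandatory)] [ValidateSet('Legacy', 'WindowsLaps', 'AzureAD')] [string] $Mode,
        [string] $TenantId,   # AzureAD mode only
        [string] $ClientId    # AzureAD mode only: client ID of the Azure AD application
    )
    switch ($Mode) {
        'Legacy' {
            # Legacy LAPS stores the password in a confidential attribute on the AD computer object.
            Import-Module ActiveDirectory -ErrorAction Stop
            $c = Get-ADComputer -Identity $ComputerName -Properties 'ms-Mcs-AdmPwd', 'ms-Mcs-AdmPwdExpirationTime'
            if (-not $c.'ms-Mcs-AdmPwd') {
                # Empty value: the machine is not managed by legacy LAPS, or the
                # caller has no read right on the attribute.
                throw "No legacy LAPS password readable for $ComputerName."
            }
            [pscustomobject]@{
                ComputerName = $c.Name
                Password     = $c.'ms-Mcs-AdmPwd'
                # The expiration attribute is a Windows FILETIME value.
                Expires      = [datetime]::FromFileTimeUtc([int64]$c.'ms-Mcs-AdmPwdExpirationTime')
            }
        }
        'WindowsLaps' {
            # Windows LAPS (on-prem): the LAPS module reads the password from AD,
            # decrypting it if the caller is an authorized decryptor.
            Get-LapsADPassword -Identity $ComputerName -AsPlainText
        }
        'AzureAD' {
            if (-not $TenantId -or -not $ClientId) {
                throw 'AzureAD mode needs -TenantId and -ClientId.'
            }
            # Sign in to Microsoft Graph through the application, then query the device.
            Connect-MgGraph -TenantId $TenantId -ClientId $ClientId `
                -Scopes 'Device.Read.All', 'DeviceLocalCredential.Read.All'
            Get-LapsAADPassword -DeviceIds $ComputerName -IncludePasswords -AsPlainText
        }
    }
}
```

In each mode the directory decides who may read the password, so an empty result or an access-denied error usually points to missing delegation rather than a fault in the query.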
