Support
 
Phone Get Quote
 
Support
 
US: +1 888 720 9500
US: +1 888 791 1189
Intl: +1 925 924 9500
Aus: +1 800 631 268
UK: 0800 028 6590
CN: +86 400 660 8680

Direct Inward Dialing: +1 408 916 9892

ADAP-LAPS

 

Audit Active Directory LAPS

Local administrator accounts have full access to the machine they are located on, and can assign rights and permissions to users as necessary. But, managing local administrative accounts has always been a problem. In the past, using a common username and password to simplify access for help desk admins was standard practice. This left systems vulnerable to attacks, including pass the hash attacks that obtain clear text passwords without the use of brute force. 

The Local Administrator Password Solution (LAPS) can help mitigate attacks and also act as a central repository of local administrator passwords in Active Directory, without the need for additional software applications or special hardware. LAPS uses group policy client-side extensions that generate random passwords for every member on the domain. It also automatically generates new passwords upon expiration, which are stored in a secure attribute inside the computer's Active Directory computer account. A domain administrator can then allow a preferred set of users to read these passwords using their own AD credentials.

Since LAPS contains domain-wide, local administrator security information, it is essential to monitor and audit LAPS. ADAudit Plus' LAPS reporting tool audits LAPS and provides administrators with graphical reports and on-demand audit information. 

ADAudit Plus' LAPS audit tool provides information on:

  • Users who have viewed passwords.
  • Users who have modified a password's expiration time and date.
    Usually, the LAPS changes passwords automatically on a frequent basis. ADAudit Plus notifies administrators when password expiration dates are extended due to the event's contentious nature.
LAPS Password Expiry Change Audit
LAPS Password Read Audit

Thus, ADAudit Plus helps strengthen your existing credential theft mitigation and monitoring strategies with top-notch AD LAPS audit software.

Other ADAudit Plus Features

Real-Time Windows Active Directory Auditing

Windows Logon/Logoff Auditing

Windows File Servers Auditing

Windows Servers Auditing

ADAudit Plus Trusted By

A single pane of glass for complete Active Directory Auditing and Reporting
Live Chat with our Experts