Local Administrator Password Solution (LAPS) improves network security by giving each managed computer a strong, unique local administrator password that is rotated routinely. However, because these passwords are stored centrally in Active Directory (in the ms-Mcs-AdmPwd attribute of each computer object), anyone who can read that attribute can log on to the corresponding workstation as the local administrator. LAPS can turn on auditing of password reads (its Set-AdmPwdAuditing cmdlet places a SACL on the attribute so that every read is recorded as a Security event on the domain controller that served the request), but it does not collect, correlate or report on those events itself. A third-party tool is therefore needed to report on which users accessed which local administrator passwords.
ManageEngine ADAudit Plus, a real-time AD auditing solution, offers a much easier alternative to the same process performed with native AD tooling.
This article describes how to audit LAPS password access using Windows PowerShell and ADAudit Plus.
To turn on auditing of password reads for the computers in an OU (the OU named Clients in this example), run the following in a PowerShell session with the LAPS AdmPwd.PS module loaded. The cmdlet only writes the SACL; the "Directory Service Access" audit subcategory must be enabled on the domain controllers for the resulting events to actually be logged.
Set-AdmPwdAuditing -Identity:Clients -AuditedPrincipals:Everyone
LAPS password reports reveal which users read which passwords in the chosen time frame. Normally only a small group of authorized users, usually network administrators, is granted read access to the passwords, so reviewing the report regularly confirms that nobody outside that group is retrieving them.
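The following PowerShell script is an added example, not code from the ManageEngine article, that carries the two preceding steps through end to end: it enables auditing on the OU, then builds a "who read which password" report from the Security log of a domain controller. It assumes the legacy LAPS AdmPwd.PS and ActiveDirectory modules are installed, that the OU is named Clients as above, and that the domain controller is reachable as DC01 (a hypothetical name).

```powershell
# Added example (not part of the original page): enable LAPS read auditing and
# report every read of ms-Mcs-AdmPwd from a domain controller's Security log.
# Assumptions: AdmPwd.PS and ActiveDirectory modules are installed, the target OU is
# "Clients", and DC01 is a hypothetical domain controller you can query remotely.

Import-Module AdmPwd.PS
Import-Module ActiveDirectory

# 1. Set-AdmPwdAuditing only writes a SACL. Without this audit subcategory enabled
#    on the DCs, no 4662 events are ever produced and the report below stays empty.
auditpol /set /subcategory:"Directory Service Access" /success:enable

# 2. Audit every principal that reads the LAPS password attribute under the OU.
Set-AdmPwdAuditing -Identity:Clients -AuditedPrincipals:Everyone

# 3. Event 4662 identifies the attribute by its schemaIDGUID, which is generated
#    per forest when the LAPS schema is extended, so look it up rather than hard-code it.
$schemaNC = (Get-ADRootDSE).schemaNamingContext
$attr     = Get-ADObject -SearchBase $schemaNC `
                         -LDAPFilter '(lDAPDisplayName=ms-Mcs-AdmPwd)' `
                         -Properties schemaIDGUID
$attrGuid = ([guid]$attr.schemaIDGUID).Guid

# 4. Collect 4662 "An operation was performed on an object" events for the chosen
#    time frame and keep only those whose property list contains the LAPS attribute.
$since  = (Get-Date).AddHours(-24)
$events = Get-WinEvent -ComputerName DC01 `
                       -FilterHashtable @{ LogName = 'Security'; Id = 4662; StartTime = $since } `
                       -ErrorAction SilentlyContinue |
          Where-Object { $_.Message -match $attrGuid }

# 5. Flatten each event's EventData into a row: who read the password of which computer.
$report = foreach ($e in $events) {
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        Time       = $e.TimeCreated
        User       = '{0}\{1}' -f $data.SubjectDomainName, $data.SubjectUserName
        Computer   = $data.ObjectName     # distinguished name of the computer object
        AccessMask = $data.AccessMask
        DC         = $e.MachineName
    }
}

$report | Sort-Object Time | Format-Table -AutoSize
```

Each domain controller logs only the reads it served, so run step 4 against every DC (or forward the Security logs to a collector) before treating the report as complete. Comparing the User column against the group that is supposed to hold read rights on the OU is the check the paragraph above describes.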
These are the limitations of using PowerShell to audit LAPS:
ADAudit Plus is an Active Directory auditing and reporting tool that continuously audits Active Directory and generates pre-packaged reports on all AD objects. It also raises real-time alerts on suspicious activity. It has a separate section for LAPS and can generate password access reports on demand.