LAPS auditing with ADAudit Plus

Access to admin credentials got you worried about security?

With ADAudit Plus' LAPS event log auditing, continuously keep track of who is viewing or modifying local admin credentials.

ADAudit Plus' LAPS audit tool provides information on:

• Users who have viewed passwords.
• Users who have modified a password's expiration time and date.
  Usually, the LAPS changes passwords automatically on a frequent basis. ADAudit Plus notifies administrators when password expiration dates are extended due to the event's contentious nature.

LAPS Password Read Audit

LAPS Password Expiry Change Audit

Local administrator accounts have full access to the machine they are located on, and can assign rights and permissions to users as necessary. But, managing local administrative accounts has always been a problem. In the past, using a common username and password to simplify access for help desk admins was standard practice. This left systems vulnerable to attacks, including pass the hash attacks that obtain clear text passwords without the use of brute force. 

The Local Administrator Password Solution (LAPS) can help mitigate attacks and also act as a central repository of local administrator passwords in Active Directory, without the need for additional software applications or special hardware. LAPS uses group policy client-side extensions that generate random passwords for every member on the domain. It also automatically generates new passwords upon expiration, which are stored in a secure attribute inside the computer's Active Directory computer account. A domain administrator can then allow a preferred set of users to read these passwords using their own AD credentials.

Since LAPS contains domain-wide, local administrator security information, it is essential to monitor and audit LAPS.