Microsoft this week announced its new Windows Local Administrator Password Solution (LAPS), which aims to boost security by preventing “pass-the-hash and lateral-transversal attacks”.
You may already be familiar with LAPS, which has been a part of the Microsoft Download Center for years.
Microsoft says the solution was previously “used to manage the password of a specified local administrator account by regularly rotating the password and backing it up to Active Directory (AD). LAPS has proven itself to be an essential and robust building block for AD enterprise security on premises.”
Windows LAPS is a revamp of the previous service, offering the same features and additional benefits. It is worth noting that Microsoft says the original LAPS will remain in the Download Center and will be known as Legacy LAPS.
Many Features from Azure Active Directory
As for the new solution, Windows LAPS, it merges with Windows systems to offer more tools from Azure Active Directory:
- “Retrieves stored passwords via Microsoft Graph.
- Creates two new Microsoft Graph permissions for retrieving only the password “metadata” (i.e., for security monitoring apps) or the sensitive cleartext password itself.
- Provides Azure role-based access control (Azure RBAC) policies for authoring authorization policies for password retrieval.
- Includes Azure management portal support for retrieving and rotating passwords.
- Helps you manage the feature via Intune!
- Automatically rotates the password after the account is used.”
Microsoft points out the tool is “ready to go out-of-the-box” and no installation is necessary. Furthermore, future updates to the service will come as part of Patch Tuesday monthly updates.
Speaking of Patch Tuesday, Windows LAPS made its debut on the updates for April 2023 Patch Tuesday. This month's security fixes also brought changes to Windows, such as LAPS and changes to the Start menu.
Windows LAPS is currently in preview and will reach public availability later this year.
Tip of the day: When Windows 10 or Windows 11 has issues, it's not rare to run into startup problems. Corrupted Windows files, incorrect system configuration, driver failure, or registry tweaks can all cause this issue.
Using Windows startup repair can fix boot issues caused by the most prevalent issues. Though it may seem that all is lost when you run into startup problems, it's important to try a Windows boot repair so you can at least narrow down the source of the issue. If it doesn't work, you may have to reinstall the OS or test your hardware.
