Lab Update…. LAPS Fully Implemented
A few days between my last post and now, I was able to get LAPS fully implemented on my lab domain. If you haven’t heard of LAPS, it’s a local admin password solution offered by Microsoft and is included at no extra cost. It aids and preventing pass the hash attack since every pc has a different and random local admin password. Local admin passwords are randomized and stored in Active Directory.
I have included two screen shots below that shows how you pull the local password for the PC. As you can see, you can pull the local password via a GUI client or by PowerShell. Side note, I figure someone will message or email me saying I put the local password out in the open. No need to worry. These are all on my lab domain that do not have outside internet access.
I am not going to go into detail or develop a walkthrough on setting up LAPS. The Internet has several tutorials. Also, the Microsoft website has a link where you can download the clients as well as all the documentation on how to setup LAPS. Just go to https://www.microsoft.com/en-us/download/details.aspx?id=46899.
I will say for anyone attempting to do this in a lab environment like mine, you will have some random errors. My lab environment is running several instances of VMware Player on a powerful laptop. I found several random errors while doing this. Just work through them and they will settle down. You may have to reboot your VMs a couple times but that’s a part of it. I hope to get a powerful server so I will not run into these issues.
If you are trying this out in a lab or production environment and have any questions, please reach out to me. Contact me on Twitter @johnwmintz or send me a message though my contact form.