Improved security for local administrator accounts
Administrative rights on company computers can be handy, but they often come with insecure and repetitive passwords. In this blog post, we talk about a solution that helps to improve the security of local administrator accounts: Windows LAPS.
LAPS stands for Local Administrator Password Solution. Almost 10 years ago, Microsoft developed the "LAPS" tool, which automatically and regularly changes local passwords and stores them centrally.
What advantages does LAPS offer?
Unique passwords
The local administrator account on each computer has its own cryptic password, which prevents the use of default passwords.

Regular rotation
The passwords are changed automatically at predefined intervals.
Limited impact
If a password is compromised, not all systems are directly at risk.
What's new?
Why are we writing about LAPS now? Microsoft recently released the new Windows LAPS, the successor to the classic LAPS solution. Windows LAPS now offers various advantages that administrators have long been waiting for:

Direct integration
The technology is now integrated directly into the computer's operating system, which means that separate software no longer needs to be rolled out.
Extended configuration options
Windows LAPS offers new functions that optimise the use and security of the solution.
The biggest advantage of Windows LAPS is still the centralised storage of passwords, and now they can also be stored in Azure AD or Intune. No more dependencies on on-prem systems!
To illustrate the importance of Windows LAPS in practice, let us consider the following scenario:
Imagine an organisation has a considerable number of computers on which local administrator accounts are set up with identical and weak passwords. In the worst-case scenario, the employees also have local administrator rights on their workstation computers due to their duties. One day, an employee's company laptop is stolen or an attacker gains access to the device via malware, for example.
Firstly, the attacker will try to find out the access data of the local administrator. Immediately afterwards, he will try to access other computers in the network with these credentials. It will not be long before the access data works on a computer on which IT administrators may be working or from which important servers are accessed. In technical jargon, this is called "lateral movement": using access data that initially seems unimportant to gain access to systems deeper in the network.
If IT were to notice this, you would now be faced with having to manually change the passwords on all devices. And what happens to the systems that are currently inaccessible, e.g. in the home office? This process would be time-consuming, error-prone and could lead to significant operational disruptions.

With Windows LAPS, the scenario would be very different. The passwords would be unique, would rotate regularly and would be more cryptic than the very simple access data that is often used. The centralised storage of passwords in Azure AD and the associated device management via Intune enable the organisation to change the password for the device concerned immediately and prevent the attacker from accessing other systems. At the same time, the remaining computers would retain their individual, changing passwords, which ensures a high level of security for the environment.
This example shows how Windows LAPS can help to minimise potential security risks and limit the damage in the event of a security incident. By implementing LAPS, organisations can improve the management of their local administrator accounts and ensure a higher level of security and control over their IT infrastructure.
Do you have any questions?
If you are not yet familiar with LAPS, have not yet implemented it or would like to find out more about the benefits of the new solution, we will be happy to help you introduce Windows LAPS. Contact us and benefit from increased security with minimum effort.