LAPS Toolkit

Theory

LAPS Toolkit

Functions written in PowerShell that leverage PowerView to audit and attack Active Directory environments that have deployed Microsoft's Local Administrator Password Solution (LAPS). It includes finding groups specifically delegated by sysadmins, finding users with "All Extended Rights" that can view passwords, and viewing all computers with LAPS enabled.

Practical

Import

import-module .\lapstoolkit.ps1

Commands

# Find laps enabled accounts
get-lapscomputers

# Find laps delegated groups
Find-LAPSDelegatedGroups

# Parse through Extended Rights
Find-AdmPwdExtendedRights

Manual Commands

# Find admin password
Get-ADComputer <domain controller> -Properties ms-Mcs-AdmPwd

REFERENCES

https://github.com/leoloobeek/LAPSToolkit
https://techcommunity.microsoft.com/t5/itops-talk-blog/step-by-step-guide-how-to-configure-microsoft-local/ba-p/2806185

PreviousBrute Force NextPFX File

Last updated 8 months ago