Windows Local Administrator Password Solution (LAPS) Password Retrieval
May 10, 2023 8:30 PM

by HubSite 365 about John Savill's [MVP]

Principal Cloud Solutions Architect

Retrieving current and historical LAPS passwords stored in Azure AD using PowerShell and REST API.

Windows Local Administrator Password Solution (LAPS) is a Microsoft product that helps organizations store and centrally manage the local administrator passwords of their Windows machines. It provides a secure way of managing local account passwords, and ensures that all machines in the organization have a unique, randomly generated password.

LAPS provides PowerShell cmdlets for securely storing, retrieving, and rotating local administrator passwords, and a REST API that gives other systems and applications access to those passwords. Together these let organizations keep local administrator passwords securely managed while still being able to retrieve them quickly when needed.

  • 00:00 - Introduction
  • 01:14 - Fetching with PowerShell
  • 05:38 - Using REST API
  • 08:35 - Closing
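
The two retrieval paths named in the chapters above, as an added PowerShell example (not the linked sample script and not Microsoft's code). It assumes the Microsoft Graph PowerShell SDK and the Windows LAPS module are installed, calls the Microsoft Graph v1.0 `deviceLocalCredentials` endpoint, and uses a constructed placeholder device ID.

```powershell
# Added example: read Windows LAPS passwords backed up to Microsoft Entra ID (Azure AD).
# Assumes the Microsoft.Graph.Authentication module and the Windows LAPS module.

# Constructed placeholder: replace with the Entra device ID of the target machine.
$deviceId = '00000000-0000-0000-0000-000000000000'

# DeviceLocalCredential.Read.All is the scope that exposes the password itself;
# DeviceLocalCredential.ReadBasic.All returns metadata only. Grant the former sparingly.
Connect-MgGraph -Scopes 'Device.Read.All', 'DeviceLocalCredential.Read.All'

# --- 1. Windows LAPS cmdlet: current password plus any retained history ---
Get-LapsAADPassword -DeviceIds $deviceId -IncludePasswords -IncludeHistory -AsPlainText |
    Select-Object DeviceName, Account, Password, PasswordUpdateTime, PasswordExpirationTime

# --- 2. REST API: the same data through Microsoft Graph ---
# Single quotes keep PowerShell from expanding $select as a variable.
$uri  = 'https://graph.microsoft.com/v1.0/directory/deviceLocalCredentials/{0}?$select=credentials' -f $deviceId
$resp = Invoke-MgGraphRequest -Method GET -Uri $uri -OutputType PSObject

# Each entry in 'credentials' is one backed-up password; the newest is the current one.
$resp.credentials | Sort-Object backupDateTime -Descending | ForEach-Object {
    [pscustomobject]@{
        Account  = $_.accountName
        BackedUp = $_.backupDateTime
        # The API returns the password base64-encoded, not encrypted.
        Password = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($_.passwordBase64))
    }
}

Disconnect-MgGraph | Out-Null
```

The plaintext ends up in the console and in any PowerShell transcript, so limit where this runs and rotate the password after it has been used.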

► Sample script: https://raw.githubusercontent.com/johnthebrit/RandomStuff/master/AzureAD/LAPSPass.ps1

► Windows LAPS documentation: https://learn.microsoft.com/windows-server/identity/laps/laps-overview

Questions and Answers about Azure/Azure Weekly Update

From the LAPS UI window, enter the CCSU computer name and click on Search. The temporary administrator password for that computer will be displayed. You may highlight the password, then right-click and choose Copy to copy it into your clipboard.

The “Local Administrator Password Solution” (LAPS) provides management of local account passwords of domain-joined computers. Passwords are stored in Active Directory (AD) and protected by ACLs, so only eligible users can read them or request a reset.

Windows LAPS with Microsoft Entra (Azure AD) and Microsoft Intune support is now in public preview as of April 21st 2023.

To change a local account password from PowerShell, use these steps: Open Start on Windows 10. Search for PowerShell, right-click the top result, and select the Run as administrator option. Type the new password for the account and press Enter.