Microsoft will release a new version of Local Administrator Password Solution (LAPS), which adds new Azure AD features, new on-premises Active Directory features, and some features for migrating from the old version to the new one.
A video explaining everything in detail can be found here:
This video includes a nice overview of how LAPS works internally, using CSP (lapscsp.dll), PowerShell (lapspsh.dll) or GPOs together with the LAPS core logic (laps.dll), which reads and updates the expiry of accounts and updates their passwords, either in Azure Active Directory or in on-premises Windows Server Active Directory:
Source: https://learn.microsoft.com/en-us/windows-server/identity/laps/laps-concepts
LAPS can be used as a defense against pass-the-hash (https://attack.mitre.org/techniques/T1550/002) and lateral-traversal attacks (https://attack.mitre.org/tactics/TA0008), as well as for securing help desk access to, or recovery of, devices with a fine-grained security model, and for RBAC in Azure AD.
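To check that the expiry-driven rotation and the migration described above are actually taking effect, the following added example (not code from Microsoft or from the video) classifies computers by their LAPS expiry attribute. It assumes the directory attribute names `msLAPS-PasswordExpirationTime` (new Windows LAPS) and `ms-Mcs-AdmPwdExpirationTime` (legacy LAPS); the function name and the sample machines are constructed for illustration.

```powershell
# Added example: classify LAPS coverage from the password-expiry attributes.
# Assumed attribute names: msLAPS-PasswordExpirationTime (Windows LAPS) and
# ms-Mcs-AdmPwdExpirationTime (legacy LAPS); both store a FILETIME integer.
function Get-LapsExpiryState {            # hypothetical helper name
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Computer,
        [datetime] $Now = [datetime]::UtcNow
    )
    process {
        $new    = $Computer.'msLAPS-PasswordExpirationTime'
        $legacy = $Computer.'ms-Mcs-AdmPwdExpirationTime'

        # Prefer the new attribute; fall back to legacy to show migration status.
        if ($new)        { $source = 'WindowsLAPS'; $raw = $new }
        elseif ($legacy) { $source = 'LegacyLAPS';  $raw = $legacy }
        else             { $source = 'None';        $raw = $null }

        $expires = $null
        if ($raw) { $expires = [datetime]::FromFileTimeUtc([long]$raw) }

        # No expiry at all: the local admin password is not managed.
        # Expiry in the past: the client has not rotated when it should have.
        if (-not $raw)             { $state = 'Unmanaged' }
        elseif ($expires -lt $Now) { $state = 'Overdue' }
        else                       { $state = 'Current' }

        [pscustomobject]@{
            Name       = $Computer.Name
            Source     = $source
            ExpiresUtc = $expires
            State      = $state
        }
    }
}

# Constructed sample input so the block runs without a domain.
$now = [datetime]::UtcNow
$sample = @(
    [pscustomobject]@{ Name = 'PC-01'; 'msLAPS-PasswordExpirationTime' = $now.AddDays(12).ToFileTimeUtc() }
    [pscustomobject]@{ Name = 'PC-02'; 'ms-Mcs-AdmPwdExpirationTime'   = $now.AddDays(-40).ToFileTimeUtc() }
    [pscustomobject]@{ Name = 'PC-03' }
)
$sample | Get-LapsExpiryState -Now $now | Format-Table -AutoSize

# Against a real domain (needs the ActiveDirectory module; request only
# attributes that exist in your schema):
# Get-ADComputer -Filter * -Properties 'msLAPS-PasswordExpirationTime' | Get-LapsExpiryState
```

Machines reported as `Unmanaged` or `Overdue` are the ones where a shared or stale local administrator password may still be usable for lateral movement.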