You Might Want to Audit Your LAPS Permissions - Part 2

Since publishing part one, I've had questions, concerns, and feedback from readers, customers, friends, and other Microsoft engineers. In today's post, I'd like to address some of those and hopefully make it even clearer why auditing LAPS delegations in your enterprise is so important.

I'm going to start by addressing a comment that I got from a cyber security engineer:
Security Engineer: "Our users don't have the Remote Server Administration Tools (RSAT) on their workstations, so I don't see this as a big risk."

Me: "Uh oh. If you think that, being a security guy, then you probably aren't the only one."
Me: Proceeded to show examples of why having RSAT on the workstation doesn't matter.

Note to self: Write this down - good content to share…

Ok, so why was this so alarming to me? In short, because you don't need the RSAT tools to accomplish this. RSAT only adds a convenient front end (the ActiveDirectory module and the admin consoles) on top of the Lightweight Directory Access Protocol (LDAP); the directory itself answers any LDAP client. Any number of tools can search a directory with LDAP, including some that have no prerequisites and are built into the Windows OS. The ADSI and System.DirectoryServices classes that PowerShell exposes are enough. So I only need to be a regular domain user on a relatively modern Windows OS with PowerShell, and I have the ability to harvest LAPS passwords from the computer objects' ms-Mcs-AdmPwd attribute if delegations on those computer objects aren't kept in check. The control that matters is the access control list on the computer object, not which tools happen to be installed on the workstation.
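To show what "no RSAT required" looks like in practice, here is an added example (not code from the original post) that uses only Windows PowerShell and the System.DirectoryServices classes that ship with the .NET Framework, so it runs as a plain domain user on a domain-joined workstation with nothing extra installed. It assumes legacy LAPS, whose attributes are ms-Mcs-AdmPwd and ms-Mcs-AdmPwdExpirationTime, and that the caller can read the security descriptor of computer objects (Authenticated Users normally can). The first function reports which computers hand the current user a password over LDAP; the second walks each computer object's DACL and lists every principal delegated to read that attribute, which is the audit the post is arguing for.

```powershell
# Added example, not from the original post. Requires only Windows PowerShell on a
# domain-joined host; no RSAT / ActiveDirectory module. Assumes legacy LAPS attributes.
$root     = [ADSI]"LDAP://RootDSE"
$domainDn = $root.defaultNamingContext
$schemaDn = $root.schemaNamingContext

function Get-LapsReadableComputers {
    # Attacker's-eye view: LDAP only returns attributes the caller has ReadProperty on,
    # so ms-Mcs-AdmPwd showing up in a result for a regular user is itself the finding.
    $s = [adsisearcher]"(objectCategory=computer)"
    $s.SearchRoot = [ADSI]"LDAP://$domainDn"
    $s.PageSize   = 1000
    $null = $s.PropertiesToLoad.AddRange([string[]]@('name', 'ms-Mcs-AdmPwd', 'ms-Mcs-AdmPwdExpirationTime'))
    foreach ($r in $s.FindAll()) {
        if (-not $r.Properties.Contains('ms-mcs-admpwd')) { continue }
        $exp = $r.Properties['ms-mcs-admpwdexpirationtime']
        [pscustomobject]@{
            Computer       = [string]$r.Properties['name'][0]
            # The clear-text value is deliberately not emitted; its length proves it was read.
            PasswordLength = ([string]$r.Properties['ms-mcs-admpwd'][0]).Length
            Expires        = if ($exp.Count) { [datetime]::FromFileTimeUtc([long]$exp[0]) } else { $null }
        }
    }
}

function Get-LapsPasswordReaders {
    # Defender's view: which ACEs on each computer object grant read access to the
    # password, either on all properties (empty ObjectType) or on ms-Mcs-AdmPwd itself.
    $sch = [adsisearcher]"(lDAPDisplayName=ms-Mcs-AdmPwd)"
    $sch.SearchRoot = [ADSI]"LDAP://$schemaDn"
    $null = $sch.PropertiesToLoad.Add('schemaIDGUID')
    $hit = $sch.FindOne()
    if (-not $hit) { throw "ms-Mcs-AdmPwd is not in the schema; legacy LAPS is not deployed here." }
    $pwdGuid = [guid]$hit.Properties['schemaidguid'][0]

    $readProp = [System.DirectoryServices.ActiveDirectoryRights]::ReadProperty
    $genRead  = [System.DirectoryServices.ActiveDirectoryRights]::GenericRead
    $genAll   = [System.DirectoryServices.ActiveDirectoryRights]::GenericAll

    $s = [adsisearcher]"(objectCategory=computer)"
    $s.SearchRoot = [ADSI]"LDAP://$domainDn"
    $s.PageSize   = 1000
    $null = $s.PropertiesToLoad.Add('name')
    foreach ($r in $s.FindAll()) {
        $entry = $r.GetDirectoryEntry()
        $rules = $entry.ObjectSecurity.GetAccessRules($true, $true, [System.Security.Principal.NTAccount])
        foreach ($ace in $rules) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            $rights = $ace.ActiveDirectoryRights
            $grantsRead = (($rights -band $readProp) -ne 0) -or
                          (($rights -band $genRead)  -ne 0) -or
                          (($rights -band $genAll)   -ne 0)
            if (-not $grantsRead) { continue }
            # Skip ACEs scoped to some other attribute or property set.
            if ($ace.ObjectType -ne [guid]::Empty -and $ace.ObjectType -ne $pwdGuid) { continue }
            [pscustomobject]@{
                Computer  = [string]$r.Properties['name'][0]
                Principal = $ace.IdentityReference.Value
                Rights    = $rights
                Scope     = if ($ace.ObjectType -eq [guid]::Empty) { 'All properties' } else { 'ms-Mcs-AdmPwd' }
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Usage: run as an ordinary user to see what is exposed, then review who was delegated.
Get-LapsReadableComputers | Format-Table -AutoSize
Get-LapsPasswordReaders | Sort-Object Principal, Computer | Format-Table -AutoSize
```

Expect Domain Admins, Enterprise Admins and SYSTEM to appear on every object through inheritance; the rows worth investigating are everything else, in particular broad groups such as Authenticated Users, Domain Users or Domain Computers, and help-desk or server-team groups that were delegated "full control" or "read all properties" on an OU years ago. Because the second function reports ACEs as written, a principal that is a group still needs its membership expanded before you know which people can actually read the password.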

