Feature Request - New Windows LAPS Detection

Open jamesaepp opened this issue 1 year ago • 2 comments

Thanks for the great software!

I recently installed a new forest and set up the new Windows LAPS introduced below.

https://techcommunity.microsoft.com/t5/windows-it-pro-blog/by-popular-demand-windows-laps-available-now/ba-p/3788747

When running PingCastle 3.0.0.3, the LAPS check under anomalies is matched. I'm guessing PingCastle is relying on the legacy LAPS implementation. It would be great to have a hybrid approach here to detect the new Windows LAPS systems (and its features). Other things that would be really cool to detect:

  • Is the DFL high enough (2016) to support the LAPS password encryption features?
  • Informational - Is password history configured with LAPS?
  • Resolution of which users have effective rights to passwords (clear text or encrypted)
  • Are DSRM passwords being rotated with Windows LAPS?
  • Are post authentication actions enforced/configured?

etc.

jamesaepp, May 04 '23 18:05
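
The hybrid check requested in the issue above, sketched as an added example (not part of the original issue and not PingCastle's code). It classifies computers by the legacy LAPS and Windows LAPS schema attributes and reports the DFL, password history and DSRM points from the list. The input dictionaries are constructed sample data standing in for LDAP results, and the rule for when the anomaly should match is an assumption.

```python
# Added illustration; not PingCastle code. Inputs are constructed sample data
# shaped like LDAP query results (attribute name -> value).
LEGACY_EXP = "ms-Mcs-AdmPwdExpirationTime"      # legacy Microsoft LAPS
WINLAPS_EXP = "msLAPS-PasswordExpirationTime"   # Windows LAPS
WINLAPS_HISTORY = "msLAPS-EncryptedPasswordHistory"
WINLAPS_DSRM = "msLAPS-EncryptedDSRMPassword"
DFL_2016 = 7  # msDS-Behavior-Version value for the Windows Server 2016 level

def classify(computer):
    """Return 'windows', 'legacy', 'both' or 'none' for one computer object."""
    legacy = LEGACY_EXP in computer["attrs"]
    modern = WINLAPS_EXP in computer["attrs"]
    if legacy and modern:
        return "both"
    return "windows" if modern else "legacy" if legacy else "none"

def laps_report(schema_attrs, domain_level, computers):
    """Summarise LAPS coverage across both implementations."""
    names = {a.lower() for a in schema_attrs}  # LDAP names are case-insensitive
    report = {
        "legacy_schema": LEGACY_EXP.lower() in names,
        "windows_schema": WINLAPS_EXP.lower() in names,
        "encryption_supported": domain_level >= DFL_2016,
        "coverage": {"windows": [], "legacy": [], "both": [], "none": []},
        "history_seen": [],
        "dcs_without_dsrm_rotation": [],
    }
    for c in computers:
        if c.get("is_dc"):
            # On domain controllers Windows LAPS manages the DSRM password.
            if WINLAPS_DSRM not in c["attrs"]:
                report["dcs_without_dsrm_rotation"].append(c["name"])
            continue
        report["coverage"][classify(c)].append(c["name"])
        if WINLAPS_HISTORY in c["attrs"]:
            report["history_seen"].append(c["name"])
    # Assumed hybrid rule: flag only when a member machine has neither solution.
    report["anomaly"] = bool(report["coverage"]["none"])
    return report

SAMPLE = [  # constructed sample data
    {"name": "WS01", "attrs": {WINLAPS_EXP: "133300000000000000", WINLAPS_HISTORY: b"..."}},
    {"name": "WS02", "attrs": {LEGACY_EXP: "133300000000000000"}},
    {"name": "SRV01", "attrs": {}},
    {"name": "DC01", "is_dc": True, "attrs": {WINLAPS_DSRM: b"..."}},
]
SCHEMA = ["ms-Mcs-AdmPwd", LEGACY_EXP, "msLAPS-Password", WINLAPS_EXP]
if __name__ == "__main__":
    print(laps_report(SCHEMA, DFL_2016, SAMPLE))
```

Whether the history and DSRM attributes are visible depends on the rights of the account running the query, so an empty result for those two fields is not proof that the feature is off.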