Lapstoolkit - Tool To Audit Too Assail Laps Environments


Functions written inward PowerShell that leverage PowerView to audit as well as develop on Active Directory environments that direct keep deployed Microsoft's Local Administrator Password Solution (LAPS). It includes finding groups specifically delegated yesteryear sysadmins, finding users alongside "All Extended Rights" that tin persuasion passwords, as well as viewing all computers alongside LAPS enabled.
Please submit issues or comments for whatever problems or functioning improvements. This projection was created alongside code from an older version of PowerView.
For to a greater extent than information on how LAPS plant run into https://adsecurity.org/?p=1790.

Get-LAPSComputers:
Displays all computers alongside LAPS enabled, password expriation, as well as password if user has access

Find-LAPSDelegatedGroups:
Searches through all OUs to run into which AD groups tin read the ms-Mcs-AdmPwd attribute

Find-AdmPwdExtendedRights
Parses through ExtendedRights for each AD figurer alongside LAPS enabled as well as looks for which grouping has read access as well as if whatever user has "All Extended Rights". Sysadmins may non hold upwards aware the users alongside All Extended Rights tin persuasion passwords as well as may hold upwards less protected than the users inward the delegated groups. An illustration is the user which adds a figurer to the domain automatically receives the "All Extended Rights" permission. Since this component volition parse ACLs for each AD computer, this tin accept rattling long alongside a larger domain.

Special thank you lot to Sean Metcalf (@pyrotek3), Will Schroeder (@harmj0y), Karl Fosaaen (@kfosaaen), Matt Graeber (@mattifestation) for query as well as code alongside LAPS, AD permissions, as well as offensive PowerShell.