LAPS Dashboard

This tool scans Active Directory for LAPS compliance. LAPS stands for the Local Administrator Password Solution, a Microsoft tool designed to help organizations store Local Administrator passwords securely without impeding proper access as needed.

The LAPS Dashboard can be filtered by Domain and OU.

The LAPS chart is interactive, and either portion of the pie chart that is clicked will populate the list of devices associated with that section in the bottom section of the dashboard.

Results can be exported to CSV (via the button at the bottom right of the page).

LAPS Tool screenshot

Where the tool is located

In the Assets and Compliance section of ConfigMgr, click on LAPS under the Recast Software Node.

LAPS Actionable Results

As with all of the RCT Security and Compliance Dashboards, these results are actionable with Right Click Tools (and support multi-select):

LAPS Security Tools screenshot

Permissions

The LAPS Dashboard requires the following permissions:

Recast Permissions

Requires the Query AD permission in the Active Directory plugin. Additionally, it requires the Add or Remove Account from Group permission in the Active Directory plugin if it's desired to use the Add New Direct Group or Remove from Group features of the tool.

Microsoft Permissions

The LAPS tool requires read rights to Active Directory OUs and their computer objects contained within for the specific domain. For the left pie chart to work, permissions to read the LAPS password attribute are needed. For the right pie chart, permissions to device hardware inventory are necessary.