LAPS Dashboard

This tool scans Active Directory for LAPS compliance. LAPS stands for the Local Administrator Password Solution, a Microsoft tool designed to help organizations store Local Administrator passwords securely without impeding proper access as needed.

The LAPS Dashboard can be filtered by Domain and OU.

The LAPS chart is interactive, and either portion of the pie chart that is clicked will populate the list of devices associated with that section in the bottom section of the dashboard.

Results can be exported to CSV (via the button at the bottom right of the page).

LAPS Tool screenshot

How Information is Collected

Information is pulled from your ConfigMgr database and the LAPS passwords are pulled from Active Directory.  

Where the tool is located

In the Assets and Compliance section of ConfigMgr, click on LAPS under the Recast Software Node.

LAPS Actionable Results

  • As with all of the RCT Security and Compliance Dashboards, these results are actionable with Right Click Tools (and support multi-select):

LAPS Security Tools screenshot

Recast Permissions

Microsoft Permissions

The LAPS tool requires read rights to Active Directory OUs and their computer objects contained within for the specific domain. For the left pie chart to work, permissions to read the LAPS password attribute are needed. For the right pie chart, permissions to device hardware inventory are necessary.