Local Administrator Password Solution (LAPS) Dashboard

The Local Administrator Password Solution (LAPS) dashboard displays LAPS compliance. The dashboard can help you to quickly determine if passwords are stored using Microsoft's LAPS tool, which is designed to help organizations store Local Administrator passwords securely without impeding the required access. This dashboard pulls information from your ConfigMgr database and Active Directory.

To scan devices for LAPS compliance:

1. In your Configuration Manager console, navigate to Assets and Compliance > Recast Software > LAPS Dashboard.

2. Filter by Domain or OU.

3. Click Scan.

LAPS Tool screenshot

LAPS Charts

LAPS Password in AD: Displays devices according to whether they have passwords stored in Active Directory.

LAPS Client Install State: Overall compliance of the LAPS client installed in the selected OU.

Click a segment of the chart or legend to view the associated list of devices.

Results can be downloaded by clicking Export to CSV at the bottom right of the page.

Actionable Results

As with all of the RCT Security and Compliance Dashboards, LAPS results are actionable with Right Click Tools (and support multi-select).

Tools commonly run from this dashboard include AD LAPS Password and Set LAPS Password Expiration.

LAPS Security Tools screenshot

Recast Permissions

No additional permissions required.

Microsoft Permissions

  • Requires read rights to Active Directory OUs and their computer objects contained within for the specific domain. 
  • Left-hand chart: Requires permission to read the LAPS password attribute.
  • Right-hand chart: Requires permissions to device hardware inventory.