The Local Administrator Password Solution (LAPS) Web Dashboard displays LAPS compliance. The dashboard can help you to quickly determine if passwords are stored using Microsoft's LAPS tool, which is designed to help organizations store Local Administrator passwords securely without impeding the required access.
Run a LAPS Scan#
To scan devices for LAPS compliance:
1. In your Recast Management Server, navigate to Dashboards > LAPS.
2. On the LAPS Dashboard page click Select Service Connections to choose service connections to include in the scan.
3. In the side panel that opens, select objects in Active Directory.
Your Configuration Manager information is automatically selected. It is used to determine the LAPS client install state.
4. Click Save & Run Scan.
Edit Configuration Filters#
After a scan runs, you can click Edit to change the service connections included in the scan.
Create a Snapshot#
Take a snapshot of the dashboard to capture the state of your system at a single point in time.
To create a snapshot after a scan runs, click Create Snapshot.
Create a Trend#
Schedule regular snapshots to view LAPS compliance over a set period of time. See LAPS Web Dashboard Trend.
LAPS Charts#
LAPS Password in AD: Displays devices with and without a LAPS Password in Active Directory.
LAPS Client Install State: Displays devices with and without the LAPS Client installed.
Click on a segment of the chart or legend to view details in the table.
LAPS Tabs#
Tabbed views offer additional information about the devices in each category. There are also options to Export to CSV and to Expand to Full Screen.
Microsoft Permissions for the Proxy Service Account#
- Requires read rights to Active Directory OUs and their computer objects contained within for the specific domain.
- LAPS Password in AD: Requires permissions to read the LAPS password attribute.
- LAPS Client Install State: Requires permissions to device hardware inventory.