Open jamesaepp opened 1 year ago
The latest beta version of PingCastle (available in the download portal if you are a registered user) includes this new feature. It will be also included in the next official version of PingCastle
Hello !
I have tested the version of PingCastle 3.2.0.1 with the new LAPS but it doesn't work properly.
From the code https://github.com/vletoux/pingcastle/blob/933316dab78685caaf4e2cee3dd541511035e73a/Healthcheck/LAPSAnalyzer.cs#L34
PingCastle only check ms-LAPS-Password
but my client use msLAPS-EncryptedPassword
.
To avoid this LAPS conflict, is it possible to use msLAPS-PasswordExpirationTime
instead ?
Thanks for the great software!
I recently installed a new forest and setup the new Windows LAPS introduced below.
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/by-popular-demand-windows-laps-available-now/ba-p/3788747
When running pingcastle 3.0.0.3, the LAPS check under anomalies is matched. I'm guessing Pingcastle is relying on the legacy LAPS implementation. It would be great to have a hybrid approach here to detect the new Windows LAPS systems (and its features). Other things that would be really cool to detect:
etc.