Skip to main content

Overview

The LAPS command checks for Local Administrator Password Solution (LAPS) installation and configuration. LAPS is a Microsoft solution that manages and rotates local administrator passwords, storing them in Active Directory. Understanding LAPS deployment helps assess credential management and local admin access controls.

Syntax

Seatbelt.exe LAPS

Remote Execution

Seatbelt.exe LAPS -computername=TARGET.domain.com [-username=DOMAIN\user -password=pass]

Output

Returns LAPS configuration:
  • Installation status
  • LAPS administrative template installation
  • Password complexity settings
  • Password length
  • Password age
  • Managed account name
  • Registry settings

Use Cases

  • Red Team
  • Blue Team
  • Determine if local admin passwords are managed
  • Assess password rotation policies
  • Identify non-LAPS managed systems
  • Plan lateral movement strategies
  • Understand credential management posture

Example Output

====== LAPS ======

[*] LAPS Enabled                : True
[*] LAPS Admin Account Name     :
[*] LAPS Password Complexity    : 4 (Large, Small, Numbers, Specials)
[*] LAPS Password Length        : 14
[*] LAPS Password Age (Days)    : 30

Registry Settings:
  AdmPwdEnabled                 : 1
  PasswordComplexity            : 4
  PasswordLength                : 14
  PasswordAgeDays               : 30

Remote Execution

This command supports remote execution using the -computername parameter.

Detection Considerations

Low detection risk - queries registry for LAPS configuration.