In the past, Kraft Kennedy has blogged about using Microsoft LAPS (Local Administrator Password Solution) as a tool to “mitigate the risk of a Pass the Hash (PtH) credential replay attack, in which a malicious entity obtains a random user’s password hash and attempts to log on using the hash instead of entering the plaintext password.”
Since then, many Kraft Kennedy clients have implemented the solution.
Today I came across a great article by Michael Rendino, Microsoft Senior Premier Field Engineer, about checking the health of Microsoft LAPS after it has been installed. He brings up an excellent point regarding post-implementation security and writes:
“The challenge comes in knowing if it’s actually working. How do you know if your machines have ever set the password? Or maybe they set it once and haven’t updated it since even though it’s past the designated expiration date? It’s definitely worth monitoring to ensure that your machines are operating as expected.”
Have a look at the article, run the scripts, and see how healthy your LAPS environment is. Hopefully, you’re in great health.
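
As a rough illustration of the two questions in the quote above (has a machine ever set its password, and is the password past its expiration date), here is an added PowerShell sketch. It is not one of the scripts from Michael Rendino's article. It assumes the legacy Microsoft LAPS schema attribute `ms-Mcs-AdmPwdExpirationTime`, the ActiveDirectory module from RSAT, and a placeholder search base that you replace with your own OU.

```powershell
# Added example: classify enabled computers by LAPS password state.
Import-Module ActiveDirectory

# Placeholder OU (assumption); point this at the OU LAPS is deployed to.
$SearchBase = 'OU=Workstations,DC=example,DC=com'
$now        = (Get-Date).ToUniversalTime()

$report = Get-ADComputer -Filter 'Enabled -eq $true' -SearchBase $SearchBase `
              -Properties 'ms-Mcs-AdmPwdExpirationTime', LastLogonDate |
    ForEach-Object {
        # The attribute is a Windows FILETIME (Int64); it is empty until the
        # LAPS client has set a password for the first time.
        $raw = $_.'ms-Mcs-AdmPwdExpirationTime'
        if (-not $raw) {
            $state   = 'NeverSet'
            $expires = $null
        }
        else {
            $expires = [datetime]::FromFileTimeUtc([int64]$raw)
            $state   = if ($expires -lt $now) { 'Expired' } else { 'Healthy' }
        }

        [pscustomobject]@{
            Computer   = $_.Name
            State      = $state
            ExpiresUtc = $expires
            # LastLogonDate separates machines that are simply offline
            # from machines that are online but not rotating.
            LastLogon  = $_.LastLogonDate
        }
    }

# Summary counts, then the machines that need a closer look.
$report | Group-Object State | Select-Object Name, Count
$report | Where-Object State -ne 'Healthy' |
    Sort-Object State, LastLogon |
    Format-Table -AutoSize
```

If the account running the query cannot read the expiration attribute, every machine shows as `NeverSet`, so confirm read access before trusting the counts. An `Expired` machine with a recent `LastLogon` is the case worth investigating first, since it is reaching the domain but not rotating its password.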