Windows LAPS PowerShell Commands

Are you familiar with the latest Windows LAPS PowerShell cmdlets? These cmdlets were introduced in the latest version of Windows and allow you to manage Local Administrator Password Solution (LAPS) settings via PowerShell.

LAPS is a tool that allows you to manage the passwords of local administrator accounts on Windows computers. With LAPS, you can set unique, randomly generated passwords for these accounts, which are then securely stored in Active Directory. This helps to improve security and reduce the risk of a security breach due to weak or compromised passwords.

💡 If you're interested in implementing the new Windows LAPS but need some help getting started, don't hesitate to reach out for assistance.

The latest Windows LAPS PowerShell cmdlets make it easy to manage LAPS settings via PowerShell. With these cmdlets, you can automate LAPS tasks and manage LAPS settings across multiple computers, saving time and improving efficiency.

New LAPS PowerShell cmdlets:

  • Get-LapsAADPassword - use to query Azure Active Directory for Windows LAPS passwords.
  • Get-LapsDiagnostics - use to collect diagnostic information for investigating issues.
  • Find-LapsADExtendedRights - use to discover which identities have been granted permissions for an Organizational Unit (OU) in Windows Server Active Directory.
  • Get-LapsADPassword - use to query Windows Server Active Directory for Windows LAPS passwords.
  • Invoke-LapsPolicyProcessing - use to initiate a policy processing cycle.
  • Reset-LapsPassword - use to initiate an immediate password rotation.
  • Set-LapsADAuditing - use to configure Windows LAPS-related auditing on OUs in Windows Server Active Directory.
  • Set-LapsADComputerSelfPermission - use to configure an OU in Windows Server Active Directory to allow computer objects to update their Windows LAPS passwords.
  • Set-LapsADPasswordExpirationTime - use to update a computer's Windows LAPS password expiration time in Windows Server Active Directory.
  • Set-LapsADReadPasswordPermission - use to grant permission to read the Windows LAPS password information in Windows Server Active Directory.
  • Set-LapsADResetPasswordPermission - use to grant permission to update the Windows LAPS password expiration time in Windows Server Active Directory.
  • Update-LapsADSchema - use to extend the Windows Server Active Directory schema with the Windows LAPS schema attributes.

Examples

Set-LapsADComputerSelfPermission -Identity 'OU=Servers,OU=Tier1,OU=LakeForest,DC=LakeForestConsulting,DC=com' -Verbose
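
Once an OU has been delegated, it is worth checking who else holds extended rights on it. The following is an added example, not part of the original post: it runs Find-LapsADExtendedRights against the same OU and flags any holder that is not on an allow list. The allow list entries (the LAKEFOREST NetBIOS name and the Tier1-LAPS-Readers group) are hypothetical values constructed for illustration.

```powershell
# Added example: review extended-rights holders on a LAPS-managed OU.
# Run from a domain-joined machine with the Windows LAPS module and
# permission to read the OU's ACL.

# OU taken from the example above.
$ou = 'OU=Servers,OU=Tier1,OU=LakeForest,DC=LakeForestConsulting,DC=com'

# Assumed allow list (constructed values, adjust to your own delegation model).
$expectedHolders = @(
    'NT AUTHORITY\SYSTEM'
    'LAKEFOREST\Domain Admins'        # hypothetical NetBIOS domain name
    'LAKEFOREST\Tier1-LAPS-Readers'   # hypothetical delegated reader group
)

# Find-LapsADExtendedRights returns objects with ObjectDN and
# ExtendedRightHolders; flatten them to one row per holder.
$findings = foreach ($entry in Find-LapsADExtendedRights -Identity $ou) {
    foreach ($holder in $entry.ExtendedRightHolders) {
        [pscustomobject]@{
            ObjectDN = $entry.ObjectDN
            Holder   = $holder
            # -contains is case-insensitive, which suits account names.
            Expected = $expectedHolders -contains $holder
        }
    }
}

$findings | Sort-Object Expected, Holder | Format-Table -AutoSize

# Surface anything outside the allow list for follow-up.
$unexpected = @($findings | Where-Object { -not $_.Expected })
if ($unexpected.Count -gt 0) {
    Write-Warning "$($unexpected.Count) unexpected extended-rights holder(s) on $ou"
    $unexpected | Select-Object ObjectDN, Holder
}
```

Run it on a schedule and after delegation changes so that new holders are noticed rather than discovered during an incident.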
