AdmPwd.E

We do present AdmPwd.E

AdmPwd.E is a security solution designed exclusively for the MS Windows platform to protect privileged accounts (commonly known as administrator accounts).
It enables you to protect local admin accounts and custom domain accounts (for example, so-called secondary accounts, intended for access to database, application or other important servers).

The solution aims to ensure that an attacker who infiltrates the organization's environment does as little damage as possible and ensures that each of the protected accounts never has the same password (the password changes over time for each account), what significantly reducing the risk of damage potential cyber attack. The individual user to whom the account belongs does not know the password. The system will automatically use it for him if necessary. Passwords for individual accounts can be read or reset only by authorized users. Password management is managed through group policies (GPOs).

The solution consists of a client and a server part. The client part is installed on individual stations. The server part is usually installed on a Domain Controller or other well-secured domain member server from where it serves individual stations, communicates with Active Directory, keeps an audit trail and reports. Passwords are stored (encrypted - using RSA) in Active Directory. Installation of the solution is simple, it can be handled by your local IT usually within one day.
Anyway, we are ready to help!

» learn more « hide detail

AdmPwd.E pricing
AdmPwd.E documentation
Downloads

Key Features

Multi-instancy support: the solution is cleverly built for high availability, the level of which can be scaled efficiently.

Central audit: all operations are logged to a central repository.

Additional password protection: individual passwords are stored in Active Directory encrypted (RSA cipher).

HSM support: keys for encryption and decryption of passwords can be stored in various HSM solutions using Crypto Service Gateway,
we also support Azure KeyVault.

Support for deleted objects: the solution offers the possibility to read the password history for already deleted AD objects.

Multi-forest support: allows communication of objects from different forests (even where no trust relationship is set).

» learn more « hide detail

Why not settle for the LAPS?

Comparison of key parameters of two similar and so different products.

LAPS AdmPwd.E
Usage of actual company infrastructure (Active directory + PowerShell)
Off-line security solution is comletelly off-line, it means no attack from outside
Cloud ready solution is ready for cloud usage
Password encryption Admin passwords are stored to Active directory encrypted
Easy password parametrization compatible with your company PWD policy, PWD length,...
Operations with deleted objects Show password on deleted computer
Show password history Admin can show password history
Audit trail Auditing trajectory of all operations
Integration SDK Easy integration to your system/application by integration SDK
Private keys management Storing private keys in a diverse portfolio of HSM systems

Pricing of AdmPwd.E

Our solution comes with the following pricing levels based on amount of managed computers.

Annual Subscription

Free
US$ 0.0 /managed machine & year
  • up to 20 machines
  • includes license for 1 managed domain account
  • ideal for small companies or PoC
Small
US$ 3.0 /managed machine & year
  • up to 1,000 machines
  • includes license for 2 managed domain account
  • features next business day support
Medium
US$ 1.5 /managed machine & year
  • up to 20,000 machines
  • includes license for 3 managed domain account
  • features next business day support
Large
US$ 1.2 /managed machine & year
  • over 20,000 machines
  • includes license for 5 managed domain account
  • features next business day support

Four years + one year free

We offer a 4 + 1 option license for those of you who prefer one-time payment over subscription. Prices vary based on number of managed computers, other condtitions remain the same as above.

Free
US$ 0.0 /managed machine
Small
US$ 12.0 /managed machine
Medium
US$ 6.0 /managed machine
Large
US$ 4.8 /managed machine

Indicative Price Calculation

30 Days Free Trial

Documentation

Documentation Hub

Specifications, Guides and How-To’s – all in one place.

Detail

Extensions - tools and apps

Extension tools and applications that demonstrate capabilities of solution and integration into 3rd party code.

Detail

For Developers

Developer documentation of integration SDK, for integration with other apps.

Detail

Additional key store

Implementation of additional KeyStores that extend solution capabilities for storage of crypto keys.

Detail

INSTALATION AND CONFIGURATION TUTORIAL

Use Cases

Downloads

We always support two last versions

Latest version

Version 7.7.5.0 | released 6/12/2020

New features

1. PS: Added support for PS core.
2. PDS: Added support for service diagnostics detailed logging.

Bug fixes

1. PDS: Fixed bug with null reference exception when SDI Mapping is configured with empty description

Security fixes

None

Installers x64

1. CSE: Download
2. PDS and management tools: Download

Installers x86

1. CSE: Download
2. PDS and management tools: Download

Installer arm64

1. CSE: Download

APPX package for Windows 2016 Nano server

Microsoft.AspNetCore.Mvc.Localization.LocalizedHtmlString
AdmPwd.E.Client.Nano.zip

Tools

mRemoteNG: popular open source multi-protocol Remote Desktop Connection Manager now supports automatic password
retrieval and usage via AdmPwd.E for RDP and ICA connections.

1. RunAsAdmin: running processes as other user without the need to specify password.
2. RDPClient: Simple RDP client that allows connecting to servers without the need to specify password for user account.
3. WebUI: Ready to use Web UI for local admin password retrieval and reset.

Note: Source code for all tools is on GitHub

LDF files for AD Schema extension and Extended Rights registration:
1. AdmPwd_Full.ldf
2 ExtendedRights.ldf

Older versions

Version 7.7.4.1 | released 10/21/2020

New features

1. Added suport for generating license file with root forest GUID instead of DNS forest name. So these sensitive data will not leave borders of your company, now.
2. Updated logos and graphics.
3. PDS: Standardized all times written by PDS to AD as UTC; SDK: All times in types produced by SDK are standardized as UTC.

Bug fixes

1. Fixed bugs in password history management.

Security fixes

None

Installers x64

1. CSE: Download
2. PDS and management tools: Download

Installers x86

1. CSE: Download
2. PDS and management tools: Download

Installer arm64

1. CSE: Download

APPX package for Windows 2016 Nano server

Also includes PowerShell DSC configuration that allows to create AdmPwd.E client configuration in registry (as there is no GPO client on Nano server that would distribute it).
AdmPwd.E.Client.Nano.zip

Tools

mRemoteNG: popular open source multi-protocol Remote Desktop Connection Manager now supports automatic password
retrieval and usage via AdmPwd.E for RDP and ICA connections.

1. RunAsAdmin: running processes as other user without the need to specify password.
2. RDPClient: Simple RDP client that allows connecting to servers without the need to specify password for user account.
3. WebUI: Ready to use Web UI for local admin password retrieval and reset.

Note: Source code for all tools is on GitHub

LDF files for AD Schema extension and Extended Rights registration:
1. AdmPwd_Full.ldf
2 ExtendedRights.ldf

Version 7.7.3.0 | released 4/18/2020

New features

None, just CSE bug fixing.

Bug fixes

1. CSE: Fixed issue of password changing too frequently when GPO: "Protect against manual password change" is turned on.

Security fixes

None

Installers x64

1. CSE: Download
2. PDS and management tools: Download

Installers x86

1. CSE: Download
2. PDS and management tools: Download

Installer arm64

1. CSE: Download

APPX package for Windows 2016 Nano server

Also includes PowerShell DSC configuration that allows to create AdmPwd.E client configuration in registry (as there is no GPO client on Nano server that would distribute it).
AdmPwd.E.Client.Nano.zip

Tools

mRemoteNG: popular open source multi-protocol Remote Desktop Connection Manager now supports automatic password
retrieval and usage via AdmPwd.E for RDP and ICA connections.

1. RunAsAdmin: running processes as other user without the need to specify password.
2. RDPClient: Simple RDP client that allows connecting to servers without the need to specify password for user account.
3. WebUI: Ready to use Web UI for local admin password retrieval and reset.

Note: Source code for all tools is on GitHub

LDF files for AD Schema extension and Extended Rights registration:
1. AdmPwd_Full.ldf
2 ExtendedRights.ldf

Version 7.7.2.0 | released 1/1/2020

New features

1. ​Client tools now support working with multiple independent PDS instances in different AD forests.
2. Added support for management of PDS Madatory groups from PowerShell.

Bug fixes

1. PDS: Fixed regression in handling PDS Mandatory Groups configuration that caused incorrect AccessDenied error when user was member of mandatory group.
2. Client tools: Fixed bug with unnecessary adding of PDS endpoint when original PDS inaccessible.

Security fixes

None

Installers x64

1. CSE: Download
2. PDS and management tools: Download

Installers x86

1. CSE: Download
2. PDS and management tools: Download

Installer arm64

1. CSE: Download

APPX package for Windows 2016 Nano server

Also includes PowerShell DSC configuration that allows to create AdmPwd.E client configuration in registry (as there is no GPO client on Nano server that would distribute it).
AdmPwd.E.Client.Nano.zip

Tools

mRemoteNG: popular open source multi-protocol Remote Desktop Connection Manager now supports automatic password
retrieval and usage via AdmPwd.E for RDP and ICA connections.

1. RunAsAdmin: running processes as other user without the need to specify password.
2. RDPClient: Simple RDP client that allows connecting to servers without the need to specify password for user account.
3. WebUI: Ready to use Web UI for local admin password retrieval and reset.

Note: Source code for all tools is on GitHub

LDF files for AD Schema extension and Extended Rights registration:
1. AdmPwd_Full.ldf
2 ExtendedRights.ldf

Version 7.7.1.0 | released 12/24/2019

New features

1. ​Added more PDS configuration PowerShell cmdlets: PDS configuration can now be fully managed from PowerShell - no need to manage content of PDS.coinfig file directly.
2. Client activity reporting now on Nano server: We added Client activity reporting to CSE build for Nano server.
3. CSE setup now more protects non-domain-joined machines from admin account password reset: PROTECTBUILTINADMIN action during setup now works as is only on domain joined maschine. For machines outside of workgroup, you need to add parameter FORCE=true for this action to happen. This is to minimize chance of unwanted locking of machine outside of domain.
4. Powershell module can now retrieve passwords directly as secure string via Get-AdmPwdCredential command (together with planning for automatic password reset).

Bug fixes

1. PDS: Fixed bug with wrong keyID stored for managed domain account on immediate password reset.
2. PDS: Fixed bug with ForestNotSupported error when manipulating supported forest configuration via PowerShell.
3. CSE: Fixed bug with flipping of desired builtin admin account state controlled by GPO.
4. CSE Setup: Fixed bug in PROTECTBUILTINADMIN that caused waiting for regular automatic change too long instead of on first GPO update after install.
5. UI: Fixed wrong window title.

Security fixes

None

Installers x64

1. CSE: Download
2. PDS and management tools: Download

Installers x86

1. CSE: Download
2. PDS and management tools: Download

Installer arm64

1. CSE: Download

APPX package for Windows 2016 Nano server

Also includes PowerShell DSC configuration that allows to create AdmPwd.E client configuration in registry (as there is no GPO client on Nano server that would distribute it).
AdmPwd.E.Client.Nano.zip

Tools

mRemoteNG: popular open source multi-protocol Remote Desktop Connection Manager now supports automatic password
retrieval and usage via AdmPwd.E for RDP and ICA connections.

1. RunAsAdmin: running processes as other user without the need to specify password.
2. RDPClient: Simple RDP client that allows connecting to servers without the need to specify password for user account.
3. WebUI: Ready to use Web UI for local admin password retrieval and reset.

Note: Source code for all tools is on GitHub

LDF files for AD Schema extension and Extended Rights registration:
1. AdmPwd_Full.ldf
2 ExtendedRights.ldf

Version 7.7.0.0 | released 6/14/2019

New features

1. ​Dedicated standalone PDS configuration file: PDS configuration is now stored in dedicated file PDS.config. This makes upgrades easier as this file is not removed by installer during uninstall, and any configuration changes are preserved. File AdmPwd.PDS.exe.config stores only mandatory runtime configuration.
2. New PDS management PowerShell: New PowerShell commandlets to manage PDS configuration: supported forests, SID mappings and managed account containers. See documentation for more details.
3. Fat client: Added support for password retrieval of managed domain accounts.
4. Enhanced support for management of remote forests: Now it’s easy to manage list of supported forests – trusted and untrusted – via new PowerShell cmdlets and explicit connection credentials.
5. Client for Windows Nano server: Now also supports centralized client reporting.
6. Support for Windows Server 2019: Solution fully tested and supported with Windows server 2019.

Bug fixes

1. CSE: Fixed bug that caused GPO framework problem on 3rd GPO update when centralized client reporting was not configured.
2. PDS: Fixed bug that caused PDS to count used licenses incorrectly.

Security fixes

None

Installers x64

1. CSE: Download
2. PDS and management tools: Download

Installers x86

1. CSE: Download
2. PDS and management tools: Download

Installer arm64

1. CSE: Download

APPX package for Windows 2016 Nano server

Also includes PowerShell DSC configuration that allows to create AdmPwd.E client configuration in registry (as there is no GPO client on Nano server that would distribute it).
AdmPwd.E.Client.Nano.zip

Tools

mRemoteNG: popular open source multi-protocol Remote Desktop Connection Manager now supports automatic password
retrieval and usage via AdmPwd.E for RDP and ICA connections.

1. RunAsAdmin: running processes as other user without the need to specify password.
2. RDPClient: Simple RDP client that allows connecting to servers without the need to specify password for user account.
3. WebUI: Ready to use Web UI for local admin password retrieval and reset.

Note: Source code for all tools is on GitHub

LDF files for AD Schema extension and Extended Rights registration:
1. AdmPwd_Full.ldf
2 ExtendedRights.ldf