AdmPwd.E is like a padlock on your company door.
Keeping company data safe is simple with us. Does your company have a simple matrix for creating passwords? Can former employees spread this information to others outside your company?
If so, all your company data is in jeopardy. Imagine it as locking your house with a rusted padlock. You’ve got to start engaging more with what might be, not just with what is.
The "Admin Password Manager for Enterprise" (AdmPwd.E) was developed by the creator of the open source AdmPwd Solution. Eventually, AdmPwd became LAPS (Local Administrator Password Solution) and Microsoft included it in its product portfolio. AdmPwd.E simplifies password management while helping customers implement recommended defenses against possible cyberattacks.
AdmPwd.E is based on the same concepts as AdmPwd, such as secure management of local account passwords on domain-joined Windows machines, Group Policy integration, and Group Policy management. Passwords are stored in Active Directory (AD) in encrypted form, so only eligible users can read them or request their reset.
The latest version of AdmPwd.E implements additional features frequently requested by customers, including password history management, support for deleted computer objects, etc.
For more information about new version
Password history management
Administrators can access previously used passwords as needed.
The Password Decryption Service (PDS) keeps a simple and clear audit trail in a dedicated log detailing every operation performed. You will not need to review thousands of events in the Security log of a domain controller to determine who read or reset the password for the admin account on a particular machine.
Password management of domain user account
PDS can manage the passwords of domain user accounts. This is an extremely useful feature that enables management of privileged accounts. Passwords change automatically, and eligible users can access them as needed.
Coming soon: Integration with RDP (Remote Desktop Protocol) Managers! Users will not even need to know the password to the RDP server. The integration retrieves the password automatically and sends it to the RDP session.
Passwords stored in Active Directory cannot be viewed in clear text. Users who have read access to the attribute that stores the password cannot access the password itself. Password encryption addresses concerns regarding compliance of the solution with various regulations, such as PCI-DSS.
The solution offers its own security model with easy-to-understand "Read admin password" and "Reset admin password" permissions. You will not need to understand and delegate the native Read/Write/Control Access permissions, which was necessary for working with the original version of LAPS.
Increased client-side resiliency
The management agent improves the reliability of the password for the managed administrator account. If someone manually changes the password for the managed administrator (which would make the password stored in AD outdated), the management agent detects this and resets the password during the next management cycle, keeping the actual password in sync with the password stored in AD.
HSM support for storage of private keys
PDS can save private keys to a broad range of HSM devices via Crypto Service Gateway (CSG), which maximizes key protection and gives you the best return on your investment in the HSM solution.
Support for deleted computer objects
Do you need to retrieve a password from a deleted computer object? The solution works directly with recycled objects and retrieves passwords immediately. You will not need to contact the administrator to restore the deleted computer account. You will just need to read the local administrator password.
Do you need to manage multiple AD forests from a single console? This is possible thanks to the multi-forest capability of the solution.
Why not settle for LAPS?
A comparison of key parameters of two similar yet very different products.
Usage of actual company infrastructure
(Active Directory + PowerShell)
The solution is completely off-line, which means no attack from outside
The solution is ready for cloud usage
Admin passwords are stored in Active Directory encrypted
Easy password parametrization
Compatible with your company password policy, password length, ...
Operations with deleted objects
Show password on deleted computer
Show password history
Admin can show password history
Audit trail of all operations
Easy integration with your system or application through the integration SDK
Private keys management
Storing private keys in a diverse portfolio of HSM systems
We build an ecosystem
The solution is simple to deploy with a Windows Installer (MSI) package. An MSI package installs the management agent on the client side (an alternative installation without MSI is also available). This package automatically updates LAPS clients for an easy upgrade from the LAPS solution. An MSI package installs the management tools and the Password Decryption Service (PDS).
Our solution builds an ecosystem.
Let’s check GitHub and find out more:
How to integrate it with management tools to provide admin password management capability from your applications – helpdesk system, homegrown applications, etc.
How to implement Keystore for Password Decryption Service (PDS) private keys.
We publish the code samples as complete Visual Studio projects that show how to build additional capabilities. Some of these samples have the potential to become mainstream product features!