Alert icon Keyboard navigation enabled.
Alert icon TAB or Shift+TAB to navigate across. Down ↓ to open menu. ESC to close menu.
Alert icon Down ↓ to select section. Right → to activate. Up ↑ / Down ↓ / Tab to traverse all. ESC to exit.
BeyondTrust
Skip to content Use space or enter to skip.

What can we help you find today?

Instant Results
  • Website Results
  • Technical Documentation

Filter Options

Focus your search

Filtering by

Your recent searches:

Contact Us Chat with Sales Get Support
  • English
  • Deutsch
  • français
  • español
  • 한국어
  • português

Info icon Announcement: 2026 KuppingerCole PAM Leadership Compass: BeyondTrust recognized as an Overall Leader and top Product Leader among 36 evaluated vendors. Access the Report

  • Home
  • Resources
  • Managing Local Administrator Accounts with LAPS; And Protecting LAPS from Attack current page
Link copied

Managing Local Administrator Accounts with LAPS; And Protecting LAPS from Attack

Resource default
Managing Local Administrator Accounts with LAPS; And Protecting LAPS from Attack

Get Instant Access to this Content

Learn more about how to secure your business from threats in places you didn't even know existed.

In this webinar, I’ll show you the major components of Microsoft LAPS such as:

  • LAPS schema extensions to AD
  • Local LAPS agent
  • Client-side GPO extension
  • Interactive LAPS application
  • PowerShell tools

Then as we shift to the security and risks of LAPS we’ll consider:

  • How attackers might use LAPS to gain information about the environment
  • LAPS vulnerabilities and attack methods
  • Important LAPS best practices and security checks you should run if you are using LAPS

At the end of the day, most security researchers agree that LAPS is a decent implementation for what it does, but it is very much a point solution. It only addresses the local Administrator account which is one very important but narrow issue when it comes to privileged account management.

We should never be using the local administrator account anyway for any kind of normal day-to-day administration. The local admin account is a necessary evil just like root on Unix; it’s there for when your domain and local systems are so fried the only way to access the system is with a local privileged account. A generic, all-powerful account with no accountability between IT staff.

In addition to everything else you do to secure Administrator, if you are following best practice and avoid ever using Administrator, then you should set a highest level alert in your SIEM for whenever it sees a successful logon by Administrator – or whatever you renamed it to.

So, implementing LAPS – securely – and doing the necessary monitoring of LAPS related attributes in AD and LAPS events on member computers will help you reduce the risks associated with “Administrator”. But we’ll take it further with our sponsor BeyondTrust, who will briefly show you how their technology suite provides comprehensive management of privilege across the entire AD/Windows/Unix environment, including passwords, least privilege and auditing.

Please join us for this on-demand real training for free solution.

Learn More About On-Prem and Cloud LAPS Alternatives

What Does Microsoft Local Administrator Password Solution Really Do? (blog)

A Microsoft LAPS Cloud Alternative: Enabling & Securing Azure AD with BeyondTrust (blog)

Latest
  • Mapping BeyondTrust Capabilities to the Operational Technology Cybersecurity Controls (OTCC)
    May 14, 2026 Mapping BeyondTrust Capabilities to the Operational Technology Cybersecurity Controls (OTCC)
    Resources
    1m
  • BeyondTrust Executive Summary
    Feb 25, 2026 BeyondTrust Executive Summary
    Resources
    1m
Related
  • CIS Controls 7.1 - Use the Top 20 to Identify and Mitigate IT Risk
    Nov 8, 2018 CIS Controls 7.1 - Use the Top 20 to Identify and Mitigate IT Risk
    Resources
    1m
  • BeyondTrust Executive Summary
    Feb 25, 2026 BeyondTrust Executive Summary
    Resources
    1m
Share this Article
  • Link

Keep up with BeyondTrust

Customer Support Get Started
  • LinkedIn
  • X
  • Facebook
  • Instagram
  • Add BeyondTrust as a preferred source on Google
  • Privacy
  • Security
  • Manage Cookies
  • Do Not Sell My Data
  • WEEE Compliance

Copyright © 2003 — 2026 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.

Prefers reduced motion setting detected. Animations will now be reduced as a result.