Welcome! Lapster is an application designed to streamline the process of searching for LAPS (Local Administrator Password Solution) information across various platforms. This application is particularly useful for IT administrators and security professionals who need to manage and secure a wide range of devices.

Lapster helps you search across all LAPS sources:

- Legacy LAPS clients (Windows Server 2016 and older) that store their password information in Active Directory in the `ms-Mcs-AdmPwd` AD attribute
- Windows LAPS clients (Windows Server 2019 and newer, Windows 10, Windows 11) that store their password information in Active Directory in the `msLAPS-*` attributes
- Windows LAPS clients (Windows 10, Windows 11) that store their password information in Microsoft Intune

For Lapster to connect to your Microsoft Graph instance, you will need to register an app for it first:

- Sign in to the Microsoft Entra admin center as at least an Application Developer.
- If you have access to multiple tenants, use the Settings icon in the top menu to switch to the tenant in which you want to register the application from the **Directories + subscriptions** menu.
- Browse to **Identity** > **Applications** > **App registrations** (or search for **App registrations**).
- Select **New registration**.
- Enter a Name for your application, for example `Lapster`. Users of your app might see this name, and you can change it later.
- In the Supported account types section, select **Accounts in this organizational directory only (O365 only - Single tenant)**.
- Select **Register**.
- Under **Manage**, select **Authentication** > **Add a platform**.
- Select **Mobile and desktop applications**.
- In the Redirect URIs section, select `https://login.microsoftonline.com/common/oauth2/nativeclient`.
- Select **Configure**.
- In the Properties page, take note of the **Application ID** and **Tenant ID**.

At the moment, the application ID and tenant ID are built into the app. Before you build Lapster, modify `App.xaml.cs` by pasting your **Application ID** in the `private static string ClientId` field and your **Tenant ID** in the `private static string Tenant` field.

To use Lapster, just search for a computer in the search box. Lapster will search AD and Intune and display any found passwords and their expiration dates. For Windows LAPS (Active Directory) passwords, the username and last refresh time will be displayed. If encryption and password history are enabled, all previous passwords stored in AD will be listed as well.

When searching for a computer, you may enter just the computer name to search the local domain. Enter the computer's FQDN to search another domain. Press `CTRL + Enter` to skip searching Microsoft Graph if you know a computer has its credentials stored on-premises.
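
The Active Directory sources listed above can be told apart from the computer object's attributes alone. The following is an added example, not Lapster's own code: it splits a search string into name and domain as the usage text describes, then reports which LAPS source is populated, the account name, the last refresh time and the expiry, without printing the password. The function names and sample values are constructed, and it assumes the attribute values (the `msLAPS-*` family plus the legacy `ms-Mcs-AdmPwdExpirationTime`) were already read from AD into a hashtable.

```powershell
# Added example, not Lapster's code. Function names and sample values are constructed.

function Split-ComputerQuery {
    param([Parameter(Mandatory)][string]$Query)
    # A bare name targets the local domain; an FQDN names the domain to search.
    $name, $domain = $Query.Trim() -split '\.', 2
    [pscustomobject]@{ Name = $name; Domain = $domain }   # Domain is $null for a bare name
}

function Get-LapsSourceSummary {
    param([Parameter(Mandatory)][hashtable]$Attr)   # AD attribute name -> value

    # Expiration attributes are Windows FILETIME values (100 ns ticks since 1601, UTC).
    $toUtc = { param($ft) if ($ft) { [datetime]::FromFileTimeUtc([int64]$ft) } }

    if ($Attr['ms-Mcs-AdmPwd']) {
        [pscustomobject]@{
            Source  = 'Legacy LAPS (AD)'; Account = $null; Refreshed = $null
            Expires = & $toUtc $Attr['ms-Mcs-AdmPwdExpirationTime']
        }
    }
    if ($Attr['msLAPS-Password']) {
        # Cleartext Windows LAPS stores JSON: n = account, t = hex FILETIME, p = password.
        $json = $Attr['msLAPS-Password'] | ConvertFrom-Json
        [pscustomobject]@{
            Source    = 'Windows LAPS (AD, cleartext)'; Account = $json.n
            Refreshed = [datetime]::FromFileTimeUtc([Convert]::ToInt64($json.t, 16))
            Expires   = & $toUtc $Attr['msLAPS-PasswordExpirationTime']
        }
    }
    if ($Attr['msLAPS-EncryptedPassword']) {
        # The blob is encrypted; only its presence is reported here.
        [pscustomobject]@{
            Source  = 'Windows LAPS (AD, encrypted)'; Account = $null; Refreshed = $null
            Expires = & $toUtc $Attr['msLAPS-PasswordExpirationTime']
        }
    }
}

# Constructed sample: a Windows LAPS client without password encryption.
$sample = @{
    'msLAPS-Password'               = '{"n":"Administrator","t":"1d9a0b1c2d3e4f0","p":"<redacted>"}'
    'msLAPS-PasswordExpirationTime' = 133500000000000000
}
Split-ComputerQuery 'PC01.corp.example.com'    # Name = PC01, Domain = corp.example.com
Get-LapsSourceSummary -Attr $sample
```

A computer that has migrated from legacy LAPS may still carry a stale `ms-Mcs-AdmPwd` value, in which case the function emits more than one row and the expiry times show which one is current.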