1.1Introducing Microsoft® LAPS

The Microsoft Local Administrator Password Solution (LAPS) is a free tool for securing the Windows computers in your Active Directory environment.

By performing scheduled resets on the Local Administrator accounts on your domain-joined computers, LAPS helps to mitigate the threat of "Pass-the-Hash" type attacks against your network. It generates new passwords completely randomly, bypassing the need for shared or formulaic passwords, and stores them securely in Active Directory for the use of your Service Desk teams.

1.1.1How does LAPS work?

LAPS is a Client Side Extension (CSE) to Group Policy released for free by Microsoft. It creates two new protected attributes in your Active Directory schema for computer objects which are used to store the computer's Local Admin password and expiry information. Then a small client DLL is deployed to your managed Windows computers and sits unused until a Group Policy refresh operation occurs. At that point it performs its work:

  1. LAPS retrieves the current expiry date and time for the Local Administrator password on the current computer from Active Directory.
  2. If the expiry is not blank and is still in the future, nothing happens.
  3. Otherwise a new password is required, so LAPS generates one completely randomly according to your specifications (set in Group Policy).
  4. LAPS now attempts to record the new password in Active Directory, along with when the password will next expire.
  5. If that was successful, it will only then actually change the password of the Local Administrator account.

1.1.2What is a Pass-the-Hash attack?

Windows accounts are stored hashed (one-way encrypted) and are, in principal, accessible to anyone with access to that computer. A pass-the-hash attack uses this hash in place of the actual password to access resources on other computers on your network with the same account/password.

LAPS mitigates the threat of pass-the-hash attacks by ensuring each computer has a different password (and therefore different hash) for their Local Administrator account.

1.1.3What does LAPS cost?

Microsoft released LAPS completely free. You can download it along with its technical documentation from the link below.


1.1.4What management tools come with LAPS?

LAPS is packaged with a PowerShell module and a basic Windows client UI for retrieving and manually expiring passwords.

1.1.5Further Reading

For more information on Microsoft LAPS, please see the links below.

1.2What is OVERLAPS?

OVERLAPS is a self-hosted Microsoft LAPS alternative UI (user interface), a way of retrieving and expiring LAPS managed passwords through any modern browser on any network attached device. More than this, it removes the hassle of managing and maintaining Active Directory permissions for LAPS attributes by allowing you to specify which users or groups have access per-OU.

1.2.1How does OVERLAPS work?

  1. You install it on a computer or server which will act as the web server for OVERLAPS.
  2. Configure your Active Directory permissions to allow that computer the appropriate access to the LAPS password and expiry attributes.
  3. Setup SSL/TLS encryption to make sure everything is secure.
  4. Add users and/or groups, and specify what Organizational Units or containers that they are allows to access.
  5. Users can now login to OVERLAPS and access the LAPS managed passwords as needed.

1.2.2What are the limits/restrictions on OVERLAPS?

There aren't any. We don't specify a time limit, user limit or device limit. Once you've purchased OVERLAPS once it is yours forever, no matter how your service grows. We'll only ever require payment again if there is a major update version released, in which case we'll make a significantly reduced upgrade price available to existing customers.

1.2.3Where can I purchase OVERLAPS?

There are three options available to you to purchase OVERLAPS:

1. Purchase directly from us using a Credit or Debit card

Click here to go to the store page and follow the on-screen instructions.

2. Request an invoice

If you would prefer to receive an invoice and have payment handled by your Finance department, Contact us and we'll raise one for you. Note that we are able to process your purchase and generate license for you faster if you are able to provide a Purchase Order.

3. Use a Software Reseller

Alternatively, if you have a preferred software reseller that you have existing agreements with, simply ask them to contact us and we'll do the rest.

1.3System Requirements

Network Environment Requirements

A non-Cloud (not Azure) Active Directory domain is required, with Microsoft’s Local Administrator Password Solution (LAPS) installed and already configured.

Server Requirements

Operating System: Windows 8.1 Pro or higher, Windows Server 2012 R2 or higher.

By default OVERLAPS runs as the system account on the server (NT AUTHORITY\SYSTEM), and permission must be given to this account to read and write the LAPS properties (see Active Directory Permissions for OVERLAPS). Alternatively, if you are planning to use a Service Account to allow OVERLAPS to access Active Directory (see Active Directory), then that account must have the relevant LAPS permissions.

Client Requirements

Internet Browser: Any modern browser with JavaScript enabled.

1.4Free Trial Version

To download the trial version of OVERLAPS click the download button below and get started today.

OVERLAPS Trial (9.00Mb)

Requires: .NET Framework version 4.6.1

This trial version of the web user interface replacement for Microsoft LAPS offers customers the chance to go through the setup procedure and experience OVERLAPS for themselves before they buy. The only limitation of this demo version is that instead of displaying the LAPS managed passwords from Active Directory, the message "TRIALVERSION" is displayed in its place.

1.5Latest Patch Release Notes

2023-05-07 - Version

2023-04-24 - Version

2023-04-21 - Version

2022-12-30 - Version

2022-09-16 - Version

2022-01-11 - Version

2021-12-08 - Version

2021-09-23 - Version

2021-04-25 - Version

2021-03-09 - Version

2021-02-03 - Version

2021-02-01 - Version

2021-01-14 - Version

2020-11-22 - Version

2020-11-17 - Version

2020-11-16 - Version

2020-11-11 - Version

2020-11-09 - Version

2020-11-06 - Version

2020-10-30 - Version

2020-10-30 - Version

2020-10-23 - Version

2020-10-22 - Version

2020-10-04 - Version

2020-10-01 - Version

2020-09-17 - Version

2020-09-11 - Version

2020-08-28 - Version

2020-08-27 - Version

2020-08-26 - Version

2020-08-10 - Version

2020-08-05 - Version

2020-08-04 - Version

2020-08-01 - Version

2020-06-09 - Version

2020-06-01 - Version

2020-05-31 - Version

2020-05-30 - Version

2020-05-29 - Version

2020-05-25 - Version

2020-05-15 - Version

2020-05-15 - Version

2020-05-14 - Version

2020-05-11 - Version

2020-05-08 - Version

2020-04-28 - Version

2020-04-09 - Version

2020-04-08 - Version

2020-04-03 - Version

2020-03-31 - Version

2020-03-29 - Version

2019-11-13 - Version

2019-10-29 - Version

2019-10-09 - Version

2019-10-08 - Version

2019-09-28 - Version