top of page
Search

Microsoft LAPS: Your Secret Weapon Against Lateral Movement Attacks

Updated: Mar 24

Picture this: A small accounting firm gets hit with ransomware.


The attackers didn't just encrypt one computer – they spread through the entire network like wildfire, using the same local administrator password that was set up years ago and never changed.


This nightmare scenario plays out in small businesses every day, but there's a simple solution: Microsoft LAPS.


What is LAPS, and Why Should You Care?


LAPS (Local Administrator Password Solution) is Microsoft's free tool that automatically manages and rotates local administrator passwords on your computers. Think of it as having a security guard that changes the locks on every door in your building, automatically, on a regular schedule.


The Hard Truth About Local Admin Passwords


Here's a common scenario we see: A small business sets up their computers with the same local administrator password – something like "Company123!" – and uses it everywhere. It's convenient, sure, but it's also a massive security risk.


If an attacker gets that password from just one computer, they've got the keys to your entire kingdom.


How LAPS Changes the Game


LAPS tackles this problem by:

  • Automatically generating unique, complex passwords for each computer

  • Securely storing these passwords in Active Directory for admins only

  • Rotating passwords on a schedule you control


Real-World Benefits for Your Business


  1. Stops Lateral Movement: Even if one computer is compromised, attackers can't use the same password to access other machines

  2. Reduces Admin Overhead: Automated rotation means no manual password changes

  3. Improves Audit Compliance: Built-in logging shows who accessed what and when


Implementation: Easier Than You Think


Setting up LAPS requires just a few steps:

  1. Install the LAPS client on your computers

  2. Configure Group Policy settings

  3. Set up appropriate access controls


Don’t forget to ...

  • Remove old local admin passwords after LAPS deployment

  • Ensure your Active Directory permissions are properly configured

  • Keep track of which computers have LAPS installed


The Bottom Line


For small businesses, LAPS is a no-brainer. It's free, effective, and could save you from a costly security breach. In today's threat landscape, using the same local admin password across your network is just asking for trouble.


Need Help Getting Started?


At CompleteMSP, we've helped numerous businesses implement LAPS as part of a comprehensive security strategy. Our team can ensure your LAPS deployment is properly configured and integrated with your existing security measures.


Contact us at 256-684-8083 or info@completemsp.com to learn more about this, and additional essential Microsoft security solutions.

bottom of page