Are you the victim of a security incident? Contact our CERT


Windows workstation security

Management of local workstation administration accounts
with Microsoft LAPS

What is LAPS?

LAPS is a system for managing local passwords on users’ workstations. This tool aims to ensure data confidentiality and reduce the risk in case of loss or theft of workstations.

What does LAPS provide?

LAPS provides security for workstations and the entire network by providing the following security features:

  • Generation of a unique local administrator password per workstation
  • Centralized storage of local administrator accounts on AD
  • Blocking the risk of a lateral movement attack from a compromised workstation
  • Centralized management of local administrator password expiration

The benefits

LAPS is integrated into the Windows system for free.

Deployment and management of the tool is done on the existing AD infrastructure


Almond’s Infrastructure Security team has complete expertise in the service chain offered by Microsoft, from the workstation to the Azure Cloud, as well as in AD and Azure AD security issues.

Mastering LAPS projects is part of our catalog of skills and we will be able to adapt to your context so that you can exploit the tool’s features in an optimized and secure manner.

What are the LAPS integration methods?

Deployment and control
by local strategy

Deployment and control
on Microsoft Intune

  • Deploying local password policies
  • Local passwords on AD controller
  • Solution not natively supported
  • Development of a custom solution:
    • Password generation
      on Azure KeyVault
    • Deployment of local passwords
      with Intune Logs
    • on “Azure Application Insights

Our services

Find the content of this page in PDF format:

Would you like more information about this offer?

Almond commits itself to ensure that the collection and processing of your data, carried out from the site, are in conformity with the General Data Protection Regulation (GDPR) and with the modified law n° 78-17 of January 6, 1978, relating to the protection of personal data. The information collected on this form is recorded in a file computerized by Almond, in order to answer the requests for information. You can access the data concerning you, ask for their correction or their deletion. You also have a right of opposition, and a right to limit the processing of your data (see for more information on your rights). You can exercise your rights by contacting Almond's Data Protection Officer at the following address: [email protected]. Your data will be kept within the European Union, in accordance with the regulations in force.