Great tutorial. At 12:00 the rights you are looking for are farther down the list, not the "All Extended Rights". There are 4 with the following naming convention: "ms-Mcs-AdmPwd*" . Those are the ones associated with the LAPS schema and where passwords are stored.
I assume you need more permissions that domain admin to update the adschema? I had to just use psexec to run powershell as system so I could do the update. Schema Admins by any chance?
Po zastosowaniu się do wszystkich kroków i wygenerowaniu nowego hasła, nadal obowiązuje stare hasło , z którego do tej pory korzystałem. Czyżbym nie do końca rozumiał idei tego narzędzia?
I follwed the tut, but i dont can read a password. The dc is running in a vm. I am the Domain Administrator. No way to read password. Especially i cant See if my Configuration is working.
In this tutorial, we are extracting hashes, not passwords. However, if you have problems with extracting the hash from the SAM database, it may be caused by not having enough privileges. Please make sure you used psexec to elevate to the local system (as Paula is doing in the video) and then verify if it was successful with “whoami” command. Also please note that you need to run CQHashDumpv2 or Mimikatz from that very terminal window which is running under “nt authority\system”
Just wondering , in the real world each endpoint has at least AV and sometimes additional anti malware tools, is this tool is still effective besides the POC concepts shown here?
YES - that is how you get your admx and adml files in your loca policy store then you copy the admpwd.admx/l files to your adml/s policy store on your sysvol.
Why would I need a hash to get access of other system's local admin when the password of my machine and their machine is same because to perform the hack , i need admin privilege which i will only be having if i am having the password of that local admin. Please correct me if i am wrong or missing something.
how to separate permissions to view password on client computer versus servers, we would not want the desktop team folks to see servers local admin passwords.
you dont install the GUI on the clients - only on the server. so you can only look at passwords on server. since you will deploy this with GPO and the default for the msi package is client only. there ill be no issue.
Great tutorial.
At 12:00 the rights you are looking for are farther down the list, not the "All Extended Rights". There are 4 with the following naming convention: "ms-Mcs-AdmPwd*" . Those are the ones associated with the LAPS schema and where passwords are stored.
Ok so now I have to implement this across my company domain!!! Thanks Alot! Its a gresat video! You make these computers more human!!!
Awesome Madam !
i was wondering if you can make some series of videos on securing default windows installation i.e. best practices
That's a great idea!
interesting and excellent share
Why was helpdesk not checked in "All extended rights" if that is what makes them able to read?
They needed to scroll down to see the checked items.
Great video! Thanks for sharing.
Yeah, good job. It's on the 70-744 exam.
Thank you, very good information
Thank you!
Good job!
Very nice Video, thank you!
Very Helpful
Were do you see logs?
Can you mitigate pass the hash exploit by disabling Ntlm?
I assume you need more permissions that domain admin to update the adschema? I had to just use psexec to run powershell as system so I could do the update.
Schema Admins by any chance?
dzienkuje
Po zastosowaniu się do wszystkich kroków i wygenerowaniu nowego hasła, nadal obowiązuje stare hasło , z którego do tej pory korzystałem. Czyżbym nie do końca rozumiał idei tego narzędzia?
Full episode link please ?
I follwed the tut, but i dont can read a password. The dc is running in a vm. I am the Domain Administrator. No way to read password. Especially i cant See if my Configuration is working.
In this tutorial, we are extracting hashes, not passwords. However, if you have problems with extracting the hash from the SAM database, it may be caused by not having enough privileges. Please make sure you used psexec to elevate to the local system (as Paula is doing in the video) and then verify if it was successful with “whoami” command. Also please note that you need to run CQHashDumpv2 or Mimikatz from that very terminal window which is running under “nt authority\system”
Just wondering , in the real world each endpoint has at least AV and sometimes additional anti malware tools, is this tool is still effective besides the POC concepts shown here?
the tool can be customized and bypass any AV
Does the management side of LAPS have to be installed on a Domain Controller?
YES - that is how you get your admx and adml files in your loca policy store then you copy the admpwd.admx/l files to your adml/s policy store on your sysvol.
Why would I need a hash to get access of other system's local admin when the password of my machine and their machine is same because to perform the hack , i need admin privilege which i will only be having if i am having the password of that local admin.
Please correct me if i am wrong or missing something.
addc
how to separate permissions to view password on client computer versus servers, we would not want the desktop team folks to see servers local admin passwords.
you dont install the GUI on the clients - only on the server. so you can only look at passwords on server. since you will deploy this with GPO and the default for the msi package is client only. there ill be no issue.
Why doesn't mine change the password after I set a Date&Time for the password to expire?
Please Help.
omegarev check gpresult /r if the policy got implemented.
Ur videos are awesome but not the volume.
is laps installed on each domain controller?
Erik Curtis should be just one. Then the setting gets replicated to others.