Great tutorial.
At 12:00 the rights you are looking for are farther down the list, not the "All Extended Rights". There are 4 with the following naming convention: "ms-Mcs-AdmPwd*". Those are the ones associated with the LAPS schema and where passwords are stored.
Awesome, Madam!
OK, so now I have to implement this across my company domain!!! Thanks a lot! It's a great video! You make these computers more human!!!
I was wondering if you can make a series of videos on securing a default Windows installation, i.e. best practices.
That's a great idea!
Why was helpdesk not checked in "All extended rights" if that is what makes them able to read?
They needed to scroll down to see the checked items.
Interesting and excellent share.
Thank you, very good information
Thank you!
Yeah, good job. It's on the 70-744 exam.
I assume you need more permissions than domain admin to update the AD schema? I had to just use psexec to run PowerShell as system so I could do the update.
Schema Admins by any chance?
Good job!
Where do you see logs?
Very nice video, thank you!
After following all the steps and generating a new password, the old password I had been using until now still applies. Could it be that I don't fully understand the idea of this tool?
Great video! Thanks for sharing.
Can you mitigate the pass-the-hash exploit by disabling NTLM?
Very Helpful
Full episode link, please?
Just wondering: in the real world each endpoint has at least AV and sometimes additional anti-malware tools. Is this tool still effective besides the POC concepts shown here?
The tool can be customized and bypass any AV.
Why would I need a hash to get access to another system's local admin when the password of my machine and their machine is the same? Because to perform the hack, I need admin privilege, which I will only have if I have the password of that local admin.
Please correct me if I am wrong or missing something.
addc
I followed the tut, but I can't read a password. The DC is running in a VM. I am the Domain Administrator. No way to read the password. Especially, I can't see if my configuration is working.
In this tutorial, we are extracting hashes, not passwords. However, if you have problems with extracting the hash from the SAM database, it may be caused by not having enough privileges. Please make sure you used psexec to elevate to the local system (as Paula is doing in the video) and then verify if it was successful with the “whoami” command. Also, please note that you need to run CQHashDumpv2 or Mimikatz from that very terminal window which is running under “nt authority\system”.
Thank you
Does the management side of LAPS have to be installed on a Domain Controller?
YES - that is how you get your admx and adml files in your local policy store; then you copy the admpwd.admx/l files to your adml/s policy store on your sysvol.
Why doesn't mine change the password after I set a Date&Time for the password to expire?
Please Help.
omegarev, check gpresult /r if the policy got implemented.
How to separate permissions to view passwords on client computers versus servers? We would not want the desktop team folks to see servers' local admin passwords.
You don't install the GUI on the clients, only on the server, so you can only look at passwords on the server. Since you will deploy this with GPO and the default for the MSI package is client only, there will be no issue.
Is LAPS installed on each domain controller?
Erik Curtis, should be just one. Then the setting gets replicated to others.
Your videos are awesome, but not the volume.