Merge pull request #447 from darses/master

Add Windows LAPS check
2024-11-29 01:48:20 +01:00 · 2024-11-29 01:48:20 +01:00 · 32e3a4b776
commit 32e3a4b776
parent cdb81d7eb4 a150d4a022
1 changed files with 9 additions and 1 deletions
--- a/winPEAS/winPEASbat/winPEAS.bat
+++ b/winPEAS/winPEASbat/winPEAS.bat
@ -147,12 +147,20 @@ ECHO.
 CALL :T_Progress 1

 :LAPSInstallCheck
-CALL :ColorLine " %E%33m[+]%E%97m LAPS installed?"
+CALL :ColorLine " %E%33m[+]%E%97m Legacy Microsoft LAPS installed?"
 ECHO.   [i] Check what is being logged
 REG QUERY "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft Services\AdmPwd" /v AdmPwdEnabled 2>nul
 ECHO.
 CALL :T_Progress 1

+:WindowsLAPSInstallCheck
+CALL :ColorLine " %E%33m[+]%E%97m Windows LAPS installed?"
+ECHO.   [i] Check what is being logged: 0x00 Disabled, 0x01 Backup to Entra, 0x02 Backup to Active Directory
+REG QUERY "HKEY_LOCAL_MACHINE\Software\Microsoft\Policies\LAPS" /v BackupDirectory 2>nul
+REG QUERY "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\LAPS" /v BackupDirectory 2>nul
+ECHO.
+CALL :T_Progress 1
+
 :LSAProtectionCheck
 CALL :ColorLine " %E%33m[+]%E%97m LSA protection?"
 ECHO.   [i] Active if "1"