From a150d4a02217fc2bdda0853f319aa20fd68b2e55 Mon Sep 17 00:00:00 2001
From: darses <christian@decimatechnologies.eu>
Date: Thu, 28 Nov 2024 19:37:58 +0100
Subject: [PATCH] Add Windows LAPS check to winPEAS.bat

---
 winPEAS/winPEASbat/winPEAS.bat | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/winPEAS/winPEASbat/winPEAS.bat b/winPEAS/winPEASbat/winPEAS.bat
index 5478eea..73cc557 100755
--- a/winPEAS/winPEASbat/winPEAS.bat
+++ b/winPEAS/winPEASbat/winPEAS.bat
@@ -147,12 +147,20 @@ ECHO.
 CALL :T_Progress 1
 
 :LAPSInstallCheck
-CALL :ColorLine " %E%33m[+]%E%97m LAPS installed?"
+CALL :ColorLine " %E%33m[+]%E%97m Legacy Microsoft LAPS installed?"
 ECHO.   [i] Check what is being logged
 REG QUERY "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft Services\AdmPwd" /v AdmPwdEnabled 2>nul
 ECHO.
 CALL :T_Progress 1
 
+:WindowsLAPSInstallCheck
+CALL :ColorLine " %E%33m[+]%E%97m Windows LAPS installed?"
+ECHO.   [i] Check what is being logged: 0x00 Disabled, 0x01 Backup to Entra, 0x02 Backup to Active Directory
+REG QUERY "HKEY_LOCAL_MACHINE\Software\Microsoft\Policies\LAPS" /v BackupDirectory 2>nul
+REG QUERY "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\LAPS" /v BackupDirectory 2>nul
+ECHO.
+CALL :T_Progress 1
+
 :LSAProtectionCheck
 CALL :ColorLine " %E%33m[+]%E%97m LSA protection?"
 ECHO.   [i] Active if "1"