search
DownloadsPricingRequest a trial

Access Manager Editions

hashtag
Community Edition

Access Manager Community edition is our core offering, that contains all the features that an organization need to help defend themselves from lateral movement-based attacks. You can provide your users full access to Microsoft LAPS passwords and request just-in-time admin access to computers all from the convenience of their browser.

Community edition is completely free for any organization of any size to use.

hashtag
Enterprise Edition

Enterprise edition customers can deploy the Lithnet Access Manager Agent, which enables LAPS support for devices that aren't joined to your Active Directory domain. The agent runs on Windows, macOS, and Linux, and supports Azure Active Directory joined and registered devices.

Enterprise edition also enables additional functionality, such as support for high availability, and advanced custom authorization rules.

See the licensing page for information on how to trial or purchase an Enterprise Edition license.

hashtag
Feature comparison

hashtag
Web Interface features

The Access Manager web interface is the main feature of the product that your support staff and end users will be interacting with.

Feature
Community Edition
Enterprise Edition

Access to local admin passwords set by the legacy Microsoft LAPS agent

Access to local admin passwords set by the new Microsoft Windows LAPS agent

Access to local admin passwords set by the Lithnet Access Manager Agent 1

Access to BitLocker recovery passwords

Just-in-time administrative access to Windows computers

Just-in-time access to custom roles

Limited to 3 roles

'Read aloud' function for passwords (where supported by the browser)

Phonetic display of passwords

Access to local admin password history 3

Show the local admin username 3

Trigger LAPS password change when the password has been accessed 4

Learn more about the differences between the Microsoft and Lithnet LAPS Agents.

hashtag
Lithnet Access Manager Agent password management features

Enterprise edition customers benefit from the following capabilities when they deploy the Lithnet Access Manager agent to their devices to manage LAPS passwords.

Feature
Community Edition
Enterprise Edition

Manage local admin passwords of domain-joined devices and store them in Active Directory (domain-joined Windows clients only)

Manage local admin passwords of non domain-joined devices and store them in the Access Manager database

Limited to 100 devices

Encrypted storage of passwords

Retain historical local admin password history

Support for domain-joined Windows devices

Support for non-domain joined Windows clients

Limited to 100 devices

Support for macOS devices (Intel and arm64)

Limited to 100 devices

Support for Azure AD joined Windows 10 and higher devices

Limited to 100 devices

Support for Azure AD registered Windows 10 and higher devices

Limited to 100 devices

Support for Linux distributions (x64, arm64, arm32) 2

Limited to 100 devices

hashtag
Just-in-time access features

Feature
Community Edition
Enterprise Edition

Just-in-time administrative access to Windows computers

Just-in-time access to Active Directory role-based groups

Limited to 3 roles

hashtag
BitLocker features

Feature
Community Edition
Enterprise Edition

Read BitLocker recovery passwords from AD

hashtag
Authentication features

Access Manager supports several authentication mechanisms. You can use a modern authentication provider like Azure AD or Okta to add MFA support to your Access Manager instance.

Feature
Community Edition
Enterprise Edition

Support for Integrated Windows Authentication

Support for OpenID Connect

Support for WS-Federation

Support for smart-card authentication

hashtag
Auditing features

Feature
Community Edition
Enterprise Edition

Log events to the Windows event log

Send audit notifications via webhooks

Send audit notifications via email

Send audit notifications via custom PowerShell scripts

hashtag
Infrastructure

Feature
Community Edition
Enterprise Edition

Multi-domain support

Cross-forest trust support

Single-server deployments

Windows Failover cluster deployments

Load-balanced deployments

hashtag
Authorization features

Feature
Community Edition
Enterprise Edition

ACL-based authorization

Custom PowerShell script-based authorization

Global rate-limiting on requests

Import Microsoft LAPS permissions from Active Directory

Import BitLocker recovery password permissions from Active Directory

Import local admin permissions from computers

Import permissions from CSV file

Import LAPS permissions from the Lithnet LAPS Web App

hashtag
Configuration management features

Feature
Community Edition
Enterprise Edition

Manage AMS groups from the UI

Manage AMS groups from PowerShell

Manage AMS devices from the UI

Manage AMS devices from PowerShell

Manage AMS registration keys from the UI

Manage AMS registration keys from PowerShell

Create and modify authorization rules using the UI

Create and modify authorization rules using PowerShell

hashtag
Support

Feature
Community Edition
Enterprise Edition

Community support via GitHub

Enterprise support by Lithnet

  1. Requires the use of the Lithnet Access Manager Agent

  2. See the page on supported Linux operating systems for more details

  3. Requires the use of the Lithnet Access Manager Agent or the Microsoft Windows LAPS client

  4. Not supported when using the Microsoft Windows LAPS client and storing the password in Azure AD

PreviousHow does Lithnet Access Manager help prevent lateral movement?NextLicensing

Last updated

Was this helpful?