What's new in Access Manager v2

Lithnet Access Manager v2 brings many new and exciting capabilities to our product. We've heard you loud and clear - you want LAPS everywhere in your organization! Well, the Access Manager Agent now supports managing local admin passwords on Azure AD joined and registered devices. We didn't stop there. We've added support for managing the root password on macOS and Linux, and even extended the capability to managing LAPS passwords on Windows machines that are not joined to any domain at all!

Our other exciting new feature, and perhaps the most requested, extends our just-in-time access functionality to Active Directory groups. You can now define a role in Access Manager, and authorized users can claim that role, giving them time-limited membership in your customer AD group!

Read on to learn more about what else is new in Lithnet Access Manager.

What's new in the Lithnet Access Manager Service

The most notable change to the service itself is that AMS has moved from having an embedded database to requiring a Microsoft SQL server. You can use Microsoft SQL Express, Standard, or Enterprise, as well as Azure SQL and Amazon RDS SQL. We've preconfigured a Microsoft SQL Express instance in our installer that is ready to go for small-to-medium-sized deployments.

This database contains the app configuration and encrypted device passwords, so having a robust backup strategy is very important.

New features

  • Added support for reading local admin passwords stored in the new 'msLAPS' Active Directory attributes

  • Added support for providing just-in-time access to an AD group (JIT for AD roles)

  • Added support for storing local admin passwords in the AMS database for devices that are not joined to Active Directory

  • Added support for providing a computer name as a URL parameter in a computer access request

  • Added support for auditing changes to authorization rules

  • Enhanced audit template capabilities with conditional rendering using the handlebars language

  • Added support for the new objectSID extension in user certificates when using certificate authentication

  • Added the ability to deny login access to specific principals

  • Added the ability to configure single-sign out when using OpenID Connect authentication

  • Added support for modifying the event log audit template

  • Configuration is now stored in the database, and configuration files are no longer used

  • Removed the requirement for registry replication and shared storage when running AMS in a failover cluster

  • Replaced the JIT mechanism for forests that don't support the Active Directory PAM feature with an internal scheduling engine

  • Changed the 'request reason' setting from a global setting to a per-authorization rule setting

  • Removed the embedded database in favor of SQL Express or an external SQL server

  • Added support for Azure SQL databases

  • Added support for Amazon RDS SQL databases

  • Added support for setting up Access Manager behind layer 7 load balancers

  • Users are now prompted to select a matching computer when they supply an ambiguous computer name

  • Added the ability to copy the LAPS username where available

Deprecated features

  • Custom audit scripts from Access Manager v1 have been replaced by 'v2' audit scripts. 'v1' scripts will continue to work for computer audit events, but should be updated to the new v2 script format to support new features and capabilities such as JIT for roles.

Changed features

  • Accessing encrypted passwords in Active Directory set by the Lithnet Access Manager Agent is now an Enterprise Edition feature

  • The Lithnet Access Manager Service now requires Microsoft .NET 8.0

What's new in the Lithnet Access Manager Agent

Our agent is now based on Microsoft .NET 8.0, opening up cross-platform capabilities on operating systems where .NET is supported.

New features

  • Added support for managing the local admin password on Azure AD-joined Windows devices

  • Added support for managing the local admin password on Azure AD-registered Windows devices

  • Added support for managing the local admin password on standalone Windows devices

  • Added support for managing the root password on macOS

  • Added support for managing the root password on Linux
