What's new in Access Manager v2

Lithnet Access Manager v2 brings many new and exciting capabilities to our product. We've heard you loud and clear - you want LAPS everywhere in your organization! Well, the Access Manager Agent now supports managing local admin passwords on Azure AD joined and registered devices. We didn't stop there, we've added support for managing the root password on macOS and Linux, and even extended capability to managing LAPS passwords on Windows machines that are not joined to any domain at all!

Our other exciting new, and perhaps most requested feature, is extending our just-in-time access functionality to Active Directory groups. You can now define a role in Access Manager, and authorized users can claim that role, giving them time-limited membership in your customer AD group!

Read on to learn more about what else is new in Lithnet Access Manager.

What's new in the Lithnet Access Manager Service

The most notable change to the service itself, is that AMS has moved from having an embedded database, to requiring a Microsoft SQL server. You can use Microsoft SQL Express, Standard, or Enterprise, as well as Azure SQL and Amazon RDS SQL. We've preconfigured a Microsoft SQL Express instance in our installer that is ready to go for small-to-medium sized deployments.

This database contains the app configuration and encrypted device passwords, so having a robust backup strategy is very important.

New features

Added support for reading local admin passwords stored in the new 'msLAPS' Active Directory attributes
Added support for providing just-in-time access to an AD group (JIT for AD roles)
Added support for storing local admin passwords in the AMS database for non-active directory-joined devices
Added support for providing a computer name as a URL parameter in a computer access request
Added support for auditing changes to authorization rules
Enhanced audit template capabilities with conditional rendering using the handlebars language
Added support for the new objectSID extension in user certificates when using certificate authentication
Added the ability to deny login access to specific principals
Added the ability to configure single-sign out when using OpenID Connect authentication
Added support for modifying the event log audit template
Configuration is now stored in the database, and configuration files are no longer used
Removed the requirement for registry replication and shared stored when running AMS in a failover cluster
Replaces the JIT mechanism for forests that don't support the Active Directory PAM feature with an internal scheduling engine
Changes the 'request reason' setting from a global setting, to a per-authorization rule setting
Removes the embedded database in favor of an SQL express or external SQL server
Added support for Azure SQL databases
Added support for Amazon RDS SQL databases
Added support for setting up Access Manager behind layer 7 load balancers
Users are now prompted to select a matching computer, when they supply an ambiguous computer name
Added the ability to copy the LAPS username where available

Deprecated features

Custom audit scripts from Access Manager v1 have been replaced by 'v2' audit scripts. 'v1' scripts will continue to work for computer audit events, but should be updated to the new v2 script format to support new features and capabilities such as JIT for roles.

Changed features

Accessing encrypted passwords in Active Directory set by the Lithnet Access Manager Agent is now an Enterprise Edition feature
The Lithnet Access Manager Service now requires Microsoft .NET 8.0

What's new in the Lithnet Access Manager Agent

Our agent is now based on Microsoft .NET 8.0, opening up cross-platform capabilities on operating systems when .NET is supported.

New features

Added support for managing local admin password on Azure AD-joined Windows devices
Added support for managing local admin password on Azure AD-registered Windows devices
Added support for managing local admin password on standalone Windows devices
Added support for managing root password on macOS
Added support for managing root password on Linux

PreviousHome NextHow does Lithnet Access Manager help prevent lateral movement?

Last updated 7 months ago

Was this helpful?

What's new in the Lithnet Access Manager Service

This database contains the app configuration and encrypted device passwords, so having a robust backup strategy is very important.

New features

Added support for reading local admin passwords stored in the new 'msLAPS' Active Directory attributes

Added support for providing just-in-time access to an AD group (JIT for AD roles)

Added support for storing local admin passwords in the AMS database for non-active directory-joined devices

Added support for providing a computer name as a URL parameter in a computer access request

Added support for auditing changes to authorization rules

Enhanced audit template capabilities with conditional rendering using the handlebars language

Added support for the new objectSID extension in user certificates when using certificate authentication

Added the ability to deny login access to specific principals

Added the ability to configure single-sign out when using OpenID Connect authentication

Added support for modifying the event log audit template

Configuration is now stored in the database, and configuration files are no longer used

Removed the requirement for registry replication and shared stored when running AMS in a failover cluster

Replaces the JIT mechanism for forests that don't support the Active Directory PAM feature with an internal scheduling engine

Changes the 'request reason' setting from a global setting, to a per-authorization rule setting

Removes the embedded database in favor of an SQL express or external SQL server

Added support for Azure SQL databases

Added support for Amazon RDS SQL databases

Added support for setting up Access Manager behind layer 7 load balancers

Users are now prompted to select a matching computer, when they supply an ambiguous computer name

Added the ability to copy the LAPS username where available

Deprecated features

Custom audit scripts from Access Manager v1 have been replaced by 'v2' audit scripts. 'v1' scripts will continue to work for computer audit events, but should be updated to the new v2 script format to support new features and capabilities such as JIT for roles.

Changed features

Accessing encrypted passwords in Active Directory set by the Lithnet Access Manager Agent is now an Enterprise Edition feature

The Lithnet Access Manager Service now requires Microsoft .NET 8.0

What's new in the Lithnet Access Manager Agent

Our agent is now based on Microsoft .NET 8.0, opening up cross-platform capabilities on operating systems when .NET is supported.

New features

Added support for managing local admin password on Azure AD-joined Windows devices

Added support for managing local admin password on Azure AD-registered Windows devices

Added support for managing local admin password on standalone Windows devices

Added support for managing root password on macOS

Added support for managing root password on Linux