Access Manager Editions
Community Edition
Access Manager Community edition is our core offering, that contains all the features that an organization need to help defend themselves from lateral movement-based attacks. You can provide your users full access to Microsoft LAPS passwords and request just-in-time admin access to computers all from the convenience of their browser.
Community edition is completely free for any organization of any size to use.
Enterprise Edition
Enterprise edition customers can deploy the Lithnet Access Manager Agent, which enables LAPS support for devices that aren't joined to your Active Directory domain. The agent runs on Windows, macOS, and Linux, and supports Azure Active Directory joined and registered devices.
Enterprise edition also enables additional functionality, such as support for high availability, and advanced custom authorization rules.
See the licensing page for information on how to trial or purchase an Enterprise Edition license.
Feature comparison
Web Interface features
The Access Manager web interface is the main feature of the product that your support staff and end users will be interacting with.
| Feature | Community Edition | Enterprise Edition |
|---|---|---|
Access to local admin passwords set by the legacy Microsoft LAPS agent | ||
Access to local admin passwords set by the new Microsoft Windows LAPS agent | ||
Access to local admin passwords set by the Lithnet Access Manager Agent 1 | ||
Access to BitLocker recovery passwords | ||
Just-in-time administrative access to Windows computers | ||
Just-in-time access to custom roles | Limited to 3 roles | |
'Read aloud' function for passwords (where supported by the browser) | ||
Phonetic display of passwords | ||
Access to local admin password history 3 | ||
Show the local admin username 3 | ||
Trigger LAPS password change when the password has been accessed 4 |
Learn more about the differences between the Microsoft and Lithnet LAPS Agents.
Lithnet Access Manager Agent password management features
Enterprise edition customers benefit from the following capabilities when they deploy the Lithnet Access Manager agent to their devices to manage LAPS passwords.
| Feature | Community Edition | Enterprise Edition |
|---|---|---|
Manage local admin passwords of domain-joined devices and store them in Active Directory (domain-joined Windows clients only) | ||
Manage local admin passwords of non domain-joined devices and store them in the Access Manager database | Limited to 100 devices | |
Encrypted storage of passwords | ||
Retain historical local admin password history | ||
Support for domain-joined Windows devices | ||
Support for non-domain joined Windows clients | Limited to 100 devices | |
Support for macOS devices (Intel and arm64) | Limited to 100 devices | |
Support for Azure AD joined Windows 10 and higher devices | Limited to 100 devices | |
Support for Azure AD registered Windows 10 and higher devices | Limited to 100 devices | |
Support for Linux distributions (x64, arm64, arm32) 2 | Limited to 100 devices |
Just-in-time access features
| Feature | Community Edition | Enterprise Edition |
|---|---|---|
Just-in-time administrative access to Windows computers | ||
Just-in-time access to Active Directory role-based groups | Limited to 3 roles |
BitLocker features
| Feature | Community Edition | Enterprise Edition |
|---|---|---|
Read BitLocker recovery passwords from AD |
Authentication features
Access Manager supports several authentication mechanisms. You can use a modern authentication provider like Azure AD or Okta to add MFA support to your Access Manager instance.
| Feature | Community Edition | Enterprise Edition |
|---|---|---|
Support for Integrated Windows Authentication | ||
Support for OpenID Connect | ||
Support for WS-Federation | ||
Support for smart-card authentication |
Auditing features
| Feature | Community Edition | Enterprise Edition |
|---|---|---|
Log events to the Windows event log | ||
Send audit notifications via webhooks | ||
Send audit notifications via email | ||
Send audit notifications via custom PowerShell scripts |
Infrastructure
| Feature | Community Edition | Enterprise Edition |
|---|---|---|
Multi-domain support | ||
Cross-forest trust support | ||
Single-server deployments | ||
Windows Failover cluster deployments | ||
Load-balanced deployments |
Authorization features
| Feature | Community Edition | Enterprise Edition |
|---|---|---|
ACL-based authorization | ||
Custom PowerShell script-based authorization | ||
Global rate-limiting on requests | ||
Import Microsoft LAPS permissions from Active Directory | ||
Import BitLocker recovery password permissions from Active Directory | ||
Import local admin permissions from computers | ||
Import permissions from CSV file | ||
Import LAPS permissions from the Lithnet LAPS Web App |
Configuration management features
| Feature | Community Edition | Enterprise Edition |
|---|---|---|
Manage AMS groups from the UI | ||
Manage AMS groups from PowerShell | ||
Manage AMS devices from the UI | ||
Manage AMS devices from PowerShell | ||
Manage AMS registration keys from the UI | ||
Manage AMS registration keys from PowerShell | ||
Create and modify authorization rules using the UI | ||
Create and modify authorization rules using PowerShell |
Support
| Feature | Community Edition | Enterprise Edition |
|---|---|---|
Community support via GitHub | ||
Enterprise support by Lithnet |
Requires the use of the Lithnet Access Manager Agent
See the page on supported Linux operating systems for more details
Requires the use of the Lithnet Access Manager Agent or the Microsoft Windows LAPS client
Not supported when using the Microsoft Windows LAPS client and storing the password in Azure AD
Last updated
