Lithnet Access Manager
PricingRequest a trial or quoteDownloads
v3.0
v3.0
  • Home
  • How does Lithnet Access Manager help prevent lateral movement?
  • Access Manager Editions
  • Licensing
  • What's new in Access Manager v3
  • Change log
  • Installation
    • Getting started
    • System Requirements
    • Downloads
    • Upgrading from Access Manager v1
    • Upgrading from Access Manager v2
      • Considerations for migrating from Access Manager v2
    • Installing the Access Manager Server
      • Creating a service account for the Access Manager Service
      • SQL installation options
      • Installing the Access Manager Service
      • High availability options
        • Load balancing Access Manager
    • Installing the Access Manager Agent
      • Enabling agent support on the AMS server
      • Installing the Access Manager Agent on Windows
      • Installing the Access Manager Agent on Linux
      • Installing the Access Manager Agent on macOS
  • Configuration
    • Setting up Authentication
      • Setting up authentication with ADFS
      • Setting up authentication with Microsoft Entra ID
      • Setting up authentication with Okta
      • Setting up smart card authentication
      • Setting up integrated windows authentication
    • Deploying Features
      • Setting up RapidLAPS
      • LAPS
        • Setting up Microsoft LAPS for Active Directory
        • Setting up Microsoft LAPS for Entra
        • Setting up Lithnet LAPS
      • Just-in-time Authentication (JIT)
        • Setting up JIT for computers
        • Setting up JIT for roles
      • Setting up BitLocker access
        • Setting up access to BitLocker keys stored in Active Directory
        • Setting up BitLocker recovery key backup and access using the Access Manager Agent
    • Importing authorization rules
      • Import Microsoft LAPS permissions from Active Directory
      • Importing BitLocker permissions from Active Directory
      • Importing local administrator group membership from domain-joined Windows devices
      • Import mappings from a CSV file
      • Performing an offline discovery of local admins
  • Help and support
    • Frequently asked Questions
    • Troubleshooting
    • Quick start guides
      • Getting started with Windows LAPS and Lithnet Access Manager
      • Getting started with Windows LAPS for Active Directory
      • Getting started with Windows LAPS for Microsoft Entra
      • Getting started with RapidLAPS
    • Product lifecycle
    • Choosing between the Lithnet and Microsoft agent for LAPS
    • Support Articles
      • KB000001: The Access Manager Agent cannot connect and logs a token-validation-failed error
      • KB000002: Users retain their admin rights after their JIT period expires
      • KB000003: Configuring the Access Manager Agent to manage an account other than 'root' on Linux
      • KB000004: Creating a log file to troubleshoot installation issues with the Access Manager Service
      • KB000005: Access Manager stops working after applying the November 2022 Windows update
      • KB000006: Migrating the Access Manager Database
      • KB000007: Adding JIT groups via Group Policy doesn't work with NTLM Disabled
      • KB000008: AMS is unable to JIT into privileged groups such as Domain Admins
      • KB000009: Access Manager may return an out-of-date LAPS password, or no password at all
      • KB000010: The Access Manager agents fail to register on macOS 15 (Sequoia)
      • KB000011: Users report delays in obtaining just-in-time access via AD
      • KB000012: Troubleshooting Windows authentication in the Access Manager Web App
      • KB000013: Access Manager cannot be installed on Windows Server 2016 with TLS 1.0 disabled
    • Advanced help topics
      • Creating an Entra app registration or Access Manager
      • Setting up agent policies
      • Managing word lists
      • Password history retention
      • Ports and traffic flows
      • Internet access requirements
      • Access evaluation in Access Manager Service (AMS)
      • Recovering from a lost encryption certificate
      • Script-based authorization
      • Customized auditing with PowerShell notification channels
      • Variables available in audit notification channels
      • Setting up audit templates
      • Backup and Restore
      • Event ID reference
      • Group policy configuration
    • PowerShell reference
      • Add-AmsDeviceRegistrationKeyGroup
      • Add-AmsGroupMember
      • Add-AmsIdpClaimMapping
      • Clear-AmsIdpClaimMapping
      • Export-AmsServerDiagnostics
      • Get-AmsActiveDirectoryJitOptions
      • Get-AmsActiveDirectoryJitGroupCreationRule
      • Get-AmsComputerAuthorizationRule
      • Get-AmsDevice
      • Get-AmsDeviceRegistrationKey
      • Get-AmsFveRecoveryKey
      • Get-AmsGroup
      • Get-AmsGroupMembers
      • Get-AmsHostConfig
      • Get-AmsIdpClaimMapping
      • Get-AmsJitSchedulerJob
      • Get-AmsLocalAdminPassword
      • Get-AmsLocalAdminPasswordHistory
      • Get-AmsRoleAuthorizationRule
      • Get-AmsServiceConfig
      • New-AmsActiveDirectoryJitGroupCreationRule
      • New-AmsComputerAuthorizationRule
      • New-AmsDeviceRegistrationKey
      • New-AmsGroup
      • New-AmsRoleAuthorizationRule
      • Remove-AmsActiveDirectoryJitGroupCreationRule
      • Remove-AmsComputerAuthorizationRule
      • Remove-AmsDevice
      • Remove-AmsDeviceRegistrationKey
      • Remove-AmsDeviceRegistrationKeyGroup
      • Remove-AmsGroup
      • Remove-AmsGroupMember
      • Remove-AmsJitSchedulerJob
      • Remove-AmsRoleAuthorizationRule
      • Set-AmsActiveDirectoryJitGroupCreationRule
      • Set-AmsActiveDirectoryJitOptions
      • Set-AmsComputerAuthorizationRule
      • Set-AmsDevice
      • Set-AmsDeviceRegistrationKey
      • Set-AmsGroup
      • Set-AmsHostConfig
      • Set-AmsRoleAuthorizationRule
      • Set-AmsServiceConfig
    • Application help pages
      • Host configuration page
      • App Configuration
        • AMS License configuration page
        • Authentication configuration page
        • Email configuration page
        • Rate limit configuration page
        • IP Address detection configuration page
        • User interface configuration page
        • Auditing page
        • Security page
        • Database configuration page
      • Access Manager Agent
        • Access Manager Agent - Agent registration page
        • Agent Policies
          • Access Manager Agent - Windows polices page
          • Access Manager Agent - macOS polices page
          • Access Manager Agent - Linux polices page
          • Access Manager Agent - Legacy AMSv2 policies page
        • Access Manager Agent - Password settings page
        • Access Manager Agent - Devices page
        • Access Manager Agent - Groups page
      • Directory Configuration
        • Active Directory configuration page
          • Microsoft LAPS configuration page
          • Lithnet LAPS configuration page (Active Directory)
          • Just-in-time access configuration page
          • BitLocker configuration page
        • Microsoft Entra configuration page
      • Authorization Rules
        • Computer authorization rules page
        • Role authorization rules page
      • Effective access page
    • Getting Support
Powered by GitBook
On this page
  • v3.0.1325 15th May 2025
  • Access Manager service
  • Access Manager agent
  • v3.0.1312 7th April 2025
  • Access Manager service
  • Access Manager agent
  • v3.0.1309 7th March 2025
  • Access Manager service
  • v3.0.1302 30th January 2025
  • Access Manager service
  • v3.0.1270 13th November 2024
  • Access Manager service
  • Access Manager agent
  • v3.0.1257 9th October 2024
  • Access Manager service
  • Access Manager agent
  • v3.0.1229 11th September 2024
  • Access Manager service
  • Access Manager agent
  • v3.0.1218 19th August 2024
  • Access Manager service
  • v3.0.1217 17th August 2024
  • Access Manager service
  • v3.0.1210 6th August 2024
  • Access Manager service
  • v3.0.1206 30th July 2024
  • Previous versions

Was this helpful?

Change log

v3.0.1325 15th May 2025

Access Manager service

  • [FIX] Fixes an issue where Access Manager may be unable to read LAPS passwords or BitLocker recovery keys stored in Active Directory, if a Windows Server 2025 domain controller is in the domain.

Access Manager agent

  • [FIX] Improves messages logged when Windows LAPS or legacy LAPS is active on the machine to better identify which policy is active

v3.0.1312 7th April 2025

Access Manager service

  • [FEATURE] Improves error message shown when a user tries to log in but their AD account is locked out

Access Manager agent

  • [FIX] Fixes an issue where NTLM authentication may fail and the agent is unable to register

v3.0.1309 7th March 2025

Access Manager service

  • [FIX] Fixes an issue a computer authorization rule may not show the display name when viewed via PowerShell

  • [FIX] Fixes an issue RapidLAPS authorization failures do not show the type of RapidLAPS request in the log or audit event data sets

  • [FIX] Fixes an issue where deleting the final authorization rule in the list would not clear the rule from the cache

  • [FIX] Adds rate limiting to RapidLAPS PIN entry requests

v3.0.1302 30th January 2025

Access Manager service

  • [FEATURE] JIT computer and role access times can now be selected in days/hours/minutes

  • [FEATURE] Computer and role authorization rule lists are now full-text searchable

  • [FEATURE] Computer and role authorization rules now save immediately after editing. There is no need to 'save' the global config to commit the rule changes

  • [FEATURE] Re-architects computer and role authorization rules to better support instances with thousands of rules

  • [FEATURE] Adds support for enterprise customers to be able to manage the service via PowerShell remoting

  • [FEATURE] Improves content security policy and permission policy on the web app

  • [FIX] Fixes an issue where editing a role changes its position in the list

  • [FIX] Fixes an issue where searching on a role name did not return expected results

  • [FIX] Fixes an issue where searching on a role CSV export did not contain all details

  • [FIX] Fixes an UI crash when editing a password generation policy, but providing an invalid combination of settings

  • [FIX] Fixes an issue where the AD JIT group creation job can get stuck in a broken state and not create any new groups

  • [FIX] Fixes validation logic on splunk hostname

  • [FIX] Fixes an issue were an internal error in the web app redirects to a 404 page

v3.0.1270 13th November 2024

Access Manager service

  • [FIX] Fixes an issue where the Request.Target parameter was null on a PowerShell audit request

  • [FIX] Modifies log files to be in UTC time

  • [FIX] Fixes an issue where the button to select the custom logo displayed by the web app could not be clicked with the mouse

  • [FIX] Fixes an issue where changing settings on AD JIT Group creation rule doesn't trigger a re-sync

  • [FEATURE] Adds a new -ForceFullSync parameter to the Set-AmsActiveDirectoryJitGroupCreationRule cmdlet

  • [FEATURE] Adds support for automatically mapping OpenID Connect and WS-Federation claims for sid and onprem_sid, in addition to the default value of upn. SID claims will take precedence over UPN claims due to their immutability.

  • [FEATURE] Adds new cmdlets for modifying OpenID Connect and WS-Federation claim mappings. You can now use custom attributes instead of upn for mapping to Active Directory users

  • [FEATURE] Adds event logging for the use of the Get-AmsLocalAdminPassword cmdlets

Access Manager agent

  • [FIX] Fixes an issue where RapidLAPS may not working after performing an in-place agent upgrade to v3.0.1257

  • [FIX] Fixes an issue where the Access Manager agent can cause high CPU consumption on the logon screen on Windows 24H2 builds

  • [FIX] Modifies log files to be in UTC time

v3.0.1257 9th October 2024

Access Manager service

  • [FIX] Fixes an issue where an error occurs in the web app when approving a RapidLAPS request without providing a mandatory reason

  • [FIX] Fixes an issue with the Get-AmsFveRecoveryKey cmdlet

  • [FIX] Fixes an issue where a PowerShell authorization rule could crash the Access Manager service

  • [FIX] Fixes an issue where agents < v3.0.1229 with server version v3.0.1229 may change their passwords too frequently

  • [FEATURE] Adds an option to the Get-AmsLocalAdminPassword cmdlet to get all active passwords from all providers

  • [FEATURE] Adds support for hiding the various tabs in the web app (Enterprise edition feature)

  • [FEATURE] Adds new cmdlets for adding JIT group creation rules via PowerShell

Access Manager agent

  • [FIX] Fixes an issue where RapidLAPS elevation requests on the RTM version of Windows 11 24H2 would fail to launch the elevated process

  • [FEATURE] Adds support for macOS 15-based agents

  • [FEATURE] Adds support for specifying the HTTPS port on the agent configuration command line

v3.0.1229 11th September 2024

Access Manager service

  • [FEATURE] Adds support for Windows 11 24H2 based agents

  • [FEATURE] Adds support for offering both negotiate and NTLM authenticate to web clients

  • [FEATURE] Adds support for detecting rollback events on clients and initiating a password re-sync operation

  • [FEATURE] Adds support for loading licenses from files

  • [FIX] Fixes an issue where RapidLAPS elevation requests coming from Windows 11 24H2 builds could not be approved

  • [FIX] Fixes an issue where the installer would fail when a protected connection string was in use

  • [FIX] Fixes an issue where Negotiate authentication was used even when basic or NTLM authentication was selected

  • [FIX] Fixes an issue where the 'specific site' or 'specific DC' options on a JIT computer authorization rule were not respected

  • [FIX] Fixes an issue where a computer JIT fulfillment operation would target a DC in the AMS server's site, rather that the target computer's site

  • [FIX] Fixes an issue where an agent installed on the same machine as the AMS server could not register with Windows authentication

  • [FIX] Fixes an issue where DC check in details are not processed for hybrid-joined devices

Access Manager agent

  • [FEATURE] Adds support for detecting rollback events on clients and initiating a password re-sync operation

  • [FEATURE] Adds support for Windows 11 24H2 based agents

  • [FIX] Fixes an issue where RapidLAPS elevation details from Windows 11 24H2 clients was incomplete

  • [FIX] Fixes an issue where agent-side issues such as untrusted server certificate or incorrect hostname were missing from the logs and misinterpreted as an 'API not reachable' error

v3.0.1218 19th August 2024

Access Manager service

  • [FIX] Fixes an issue where community edition users may receive and error when trying to use RapidLAPS

v3.0.1217 17th August 2024

Access Manager service

  • [FIX] Fixes an issue where users could not authenticate with WS-Federation

  • [FIX] Fixes an issue where RapidLAPS UI prompts set in the default policy would duplicate

  • [FEATURE] Adds support for showing LAPS passwords and BitLocker recovery keys as QR codes that can be scanned with a 2D barcode scanner. (Enterprise edition feature)

v3.0.1210 6th August 2024

Access Manager service

  • [FIX] Fixes an issue where agents using windows auth couldn't authenticate if only windows authentication was enabled in the agent registration config

v3.0.1206 30th July 2024

  • Initial release.

Review the what's new in v3 article to learn about the major changes since Access Manager v2.

Previous versions

Change log for Access Manager version 2

PreviousWhat's new in Access Manager v3NextGetting started

Last updated 1 month ago

Was this helpful?