Lithnet Access Manager
PricingRequest a trial or quoteDownloads
v2.0
v2.0
  • Home
  • What's new in Access Manager v2
  • How does Lithnet Access Manager help prevent lateral movement?
  • Access Manager Editions
  • Licensing
  • Change log
  • Installation
    • Getting started
    • System Requirements
    • Downloads
    • Upgrading from Access Manager v1
    • Installing the Access Manager Server
      • Creating a service account for the Access Manager Service
      • SQL installation options
      • Installing the Access Manager Service
      • High availability options
        • Load balancing Access Manager
        • Installing Access Manager in a Failover Cluster
    • Installing the Access Manager Agent
      • Choosing between the Microsoft and Lithnet agents for LAPS support
      • Installing the Access Manager Agent on Windows
      • Installing the Access Manager Agent on Linux
      • Installing the Access Manager Agent on macOS
  • Configuration
    • Setting up Authentication
      • Setting up authentication with ADFS
      • Setting up authentication with Azure AD
      • Setting up authentication with Okta
      • Setting up smart card authentication
      • Setting up integrated windows authentication
    • Deploying Features
      • Setting up Microsoft LAPS for Active Directory
      • Setting up Microsoft LAPS for Azure Active Directory
      • Setting up Lithnet LAPS
        • Preparing the AMS directory
        • Setting the AMS directory for Lithnet LAPS clients
        • Setting up Lithnet LAPS for Azure AD joined and registered devices
        • Setting up Lithnet LAPS for domain-joined devices
        • Setting up Lithnet LAPS for macOS and Linux
        • Setting up Lithnet LAPS for standalone Windows devices
      • Setting up BitLocker access
      • Setting up JIT for computers
      • Setting up JIT for roles
    • Importing authorization rules
      • Import Microsoft LAPS permissions from Active Directory
      • Importing BitLocker permissions from Active Directory
      • Importing local administrator group membership from domain-joined Windows devices
      • Import mappings from a CSV file
      • Importing rules from the Lithnet LAPS web app
      • Performing an offline discovery of local admins
  • Help and support
    • Frequently asked Questions
    • Troubleshooting
    • Quick start guides
      • Getting started with Windows LAPS and Lithnet Access Manager
      • Getting started with Windows LAPS for Active Directory
      • Getting started with Windows LAPS for Azure Active Directory
    • Support Articles
      • KB000001: The Access Manager Agent cannot connect and logs a token-validation-failed error
      • KB000002: Users retain their admin rights after their JIT period expires
      • KB000003: Configuring the Access Manager Agent to manage an account other than 'root' on Linux
      • KB000004: Creating a log file to troubleshoot installation issues with the Access Manager Service
      • KB000005: Access Manager stops working after applying the November 2022 Windows update
      • KB000006: Migrating the Access Manager Database
      • KB000007: Adding JIT groups via Group Policy doesn't work with NTLM Disabled
      • KB000008: AMS is unable to JIT into privileged groups such as Domain Admins
    • Advanced help topics
      • Ports and traffic flows
      • Internet access requirements
      • Access evaluation in Access Manager Service (AMS)
      • Recovering from a lost encryption certificate
      • Script-based authorization
      • Customized auditing with PowerShell notification channels
      • Variables available in audit notification channels
      • Setting up audit templates
      • Backup and Restore
      • Event ID reference
    • PowerShell reference
      • Add-AmsDeviceRegistrationKeyGroup
      • Add-AmsGroupMember
      • Export-AmsServerDiagnostics
      • Get-AmsActiveDirectoryJitOptions
      • Get-AmsComputerAuthorizationRule
      • Get-AmsDevice
      • Get-AmsDeviceRegistrationKey
      • Get-AmsGroup
      • Get-AmsGroupMembers
      • Get-AmsHostConfig
      • Get-AmsJitSchedulerJob
      • Get-AmsLocalAdminPassword
      • Get-AmsLocalAdminPasswordHistory
      • Get-AmsRoleAuthorizationRule
      • New-AmsComputerAuthorizationRule
      • New-AmsDeviceRegistrationKey
      • New-AmsGroup
      • New-AmsRoleAuthorizationRule
      • Remove-AmsComputerAuthorizationRule
      • Remove-AmsDevice
      • Remove-AmsDeviceRegistrationKey
      • Remove-AmsDeviceRegistrationKeyGroup
      • Remove-AmsGroup
      • Remove-AmsGroupMember
      • Remove-AmsJitSchedulerJob
      • Remove-AmsRoleAuthorizationRule
      • Set-AmsActiveDirectoryJitOptions
      • Set-AmsComputerAuthorizationRule
      • Set-AmsDevice
      • Set-AmsDeviceRegistrationKey
      • Set-AmsGroup
      • Set-AmsHostConfig
      • Set-AmsRoleAuthorizationRule
    • Application help pages
      • Access Manager Directory configuration page
      • Access Manager Directory Devices page
      • Access Manager Directory Groups page
      • Lithnet LAPS configuration page (Access Manager Directory)
      • Access Manager Directory Registration Keys page
      • Lithnet LAPS configuration page (Active Directory)
      • Microsoft LAPS configuration page
      • Active Directory configuration page
      • Auditing page
      • Authentication configuration page
      • Computer authorization rules page
      • Role authorization rules page
      • Azure Active Directory configuration page
      • BitLocker configuration page
      • Database configuration page
      • Effective access page
      • Email configuration page
      • IP Address detection configuration page
      • Just-in-time access configuration page
      • Licensing configuration page
      • Rate limit configuration page
      • Host configuration page
      • User interface configuration page
      • Security page
    • Getting Support
Powered by GitBook
On this page
  • v2.1.1032 16th November 2024
  • Access Manager Service
  • v2.1.1029 18th October 2024
  • Access Manager Service
  • Access Manager Agent
  • v2.0.9540 2nd August 2024
  • Access Manager Service
  • v2.0.9538 12th July 2024
  • Access Manager Service
  • Access Manager Agent
  • v2.0.9530 7th July 2024
  • Access Manager Service
  • Access Manager Agent
  • v2.0.9519 27rd February 2024
  • Access Manager Service
  • v2.0.9514 23rd January 2024
  • Access Manager Service
  • v2.0.9456 3rd December 2023
  • Access Manager Service
  • Access Manager Agent
  • v2.0.9430 20th June 2023
  • Access Manager Service
  • Access Manager Agent
  • v2.0.9427 11th June 2023
  • Access Manager Service
  • v2.0.9424 6th June 2023
  • Access Manager Service
  • v2.0.2422 9th May 2023
  • Access Manager Service
  • v2.0.2420 14th April 2023
  • Access Manager Service
  • v2.0.2419 11th Apr 2023
  • Access Manager Service
  • v2.0.9417 27th Feb 2023
  • Access Manager Service
  • Access Manager Agent
  • v2.0.9412 18th Feb 2023
  • Access Manager Service
  • v2.0.9411 9th Feb 2023
  • Access Manager Service
  • v2.0.9410 1st Feb 2023
  • Access Manager Service
  • Access Manager Agent
  • v2.0.9399 8th December 2022
  • Access Manager Service
  • v2.0.9395 4th December 2022
  • Access Manager Service
  • Access Manager Agent
  • v2.0.9376 18th November 2022
  • Access Manager Service
  • v2.0.9375 15th November 2022
  • Access Manager Service
  • v2.0.9373 10th November 2022
  • Access Manager Service
  • v2.0.9371 7th November 2022

Was this helpful?

Change log

PreviousLicensingNextGetting started

Last updated 5 months ago

Was this helpful?

v2.1.1032 16th November 2024

Access Manager Service

  • [FIX] Fixes an issue where the installer would not run if the machine did not have internet access.

v2.1.1029 18th October 2024

v2.1 of Access Manager moves from .NET 6 to .NET 8, to ensure extended support with the .NET Lifecycle. Please check the , as some platforms such as RHEL7 are no longer supported.

Access Manager Service

  • [CHANGE] .NET 8 ASP.NET and Desktop runtimes are now required to install the Access Manager Service

Access Manager Agent

  • [CHANGE] .NET 8 is now used for the Linux agents. Due to .NET compatibility issues, arm32 builds are no longer supported.

  • [CHANGE] .NET 8 is now used for the macOS agents.

  • [CHANGE] The arm64 build of the Windows agent now uses .NET Framework 4.8.1, rather than .NET Core, as the framework version is built into the operating system.

v2.0.9540 2nd August 2024

Access Manager Service

  • [FEATURE] Adds support for excluding forests and domains from being rendered in the UI via the Get-AmsServiceConfig and Set-AmsServiceConfig cmdlets. This is useful for cases where some domains may not be reachable from the AMS server, and cause the UI to hang when navigating and saving.

v2.0.9538 12th July 2024

Access Manager Service

  • [FIX] Fixes an issue where the installer could not upgrade instances uses an encrypted connection string

  • [FIX] Fixes an issue with the installer not correctly detecting .NET desktop runtime installation

Access Manager Agent

  • [FIX] Fixes an issue where chpasswd may fail on linux by increasing the default timeout for commands running on unix-based hosts to 15 seconds

  • [FIX] Fixes an issue with macOS uninstall script not working

v2.0.9530 7th July 2024

Access Manager Service

  • [FIX] Fixes an issue where a password rollback event does not correctly re-promote the current password

  • [FIX] Fixes a handle leak when making calls to a domain controller

Access Manager Agent

  • [FEATURE] Adds support for Ubuntu 24.04

v2.0.9519 27rd February 2024

Access Manager Service

  • [FIX] Fixes an issue where the wrong DC may be used to perform a JIT operations against a computer if the JIT operation is first performed when the computer is off

v2.0.9514 23rd January 2024

Access Manager Service

v2.0.9456 3rd December 2023

Access Manager Service

  • [FIX] Updates the Graph API endpoint used to retrieve Windows LAPS passwords from Azure AD

  • [FIX] Fixes an issue where the app upgrade check may hang, causing the UI to be unable to start

  • [FIX] Improves logging when the service is unable to read critical attributes about users from the directory due to missing permissions

  • [FIX] Fixes an issue where a JIT removal job does not get removed when a JIT request fails, preventing subsequent JIT access requests for the same user and computer to fail

Access Manager Agent

  • [FEATURE] Adds support for Debian 12 (Bookworm)

  • [FEATURE] Adds support for Fedora 38

  • [FEATURE] Adds support for Fedora 39

v2.0.9430 20th June 2023

Access Manager Service

  • [FIX] Fixes an issue where an error message appears after clicking on the help link in the Azure AD tenant information screen

  • [UPDATE] Updates installer .NET package prerequisites to 6.0.18

Access Manager Agent

  • [UPDATE] Updates macOS and Linux agents with latest .NET dependencies

  • [FIX] Updates logic to prevent the Access Manager Agent from starting when Windows LAPS is in use

  • [FIX] Fixes an issue where the agent is unable to change the local admin password when the 'Server' service is disabled

v2.0.9427 11th June 2023

Access Manager Service

  • [FIX] Fixes an issue when exporting permissions that would result in target names being exported as SIDs instead of friendly names

  • [FIX] Fixes an issue where a recently re-imaged machine with the Access Manager agent may not change its password until the next scheduled check in time

v2.0.9424 6th June 2023

Access Manager Service

  • [FIX] Fixes an issue where the web UI reports that an Azure AD device does not have a LAPS password

  • [FIX] Fixes an issue where the installer was unable to validate an Azure SQL connection string

v2.0.2422 9th May 2023

Access Manager Service

  • [FEATURE] Adds support for reading Windows LAPS passwords from Azure AD

v2.0.2420 14th April 2023

Access Manager Service

  • [FIX] Fixes an issue decrypting Windows LAPS passwords

v2.0.2419 11th Apr 2023

Access Manager Service

  • [FEATURE] Allows community edition to access encrypted Windows LAPS passwords

v2.0.9417 27th Feb 2023

Access Manager Service

  • [FIX] Fixes an issue where agents behind a reverse proxy may not be able to change their local admin passwords. Note both the agent and server must be running at least v2.0.9417

Access Manager Agent

  • [FIX] Fixes an issue where agents behind a reverse proxy may not be able to change their local admin passwords. Note both the agent and server must be running at least v2.0.9417

  • [FIX] Fixes an issue where Windows agents do not start if the Server service is disabled.

v2.0.9412 18th Feb 2023

Access Manager Service

  • [FIX] Fixes an issue where the JIT group creation service would not create groups where multiple rules were configured pointing to the same source OU

v2.0.9411 9th Feb 2023

Access Manager Service

  • [FIX] Fixes an issue where searching for a computer in a different forest by its DNS name would not work

  • [FIX] Fixes an issue where an error message would be shown in the UI when there was no certificate configuration deployed to Active Directory

v2.0.9410 1st Feb 2023

Access Manager Service

  • [FIX] Fixes an issue where the effective access calculator would show 'access denied' for LAPS history when an enterprise license was not present

  • [FIX] Fixes an issue where changes to the JIT group creation settings do not trigger a restart required message

  • [FIX] Fixes an issue where upgrading from v1.1 to v2.0 may fail

  • [FIX] Fixes an issue where you cannot JIT into a group that contains a slash character

  • [FIX] Fixes an issue where AMS-managed device password history was not purged according to policy settings

  • [FEATURE] Adds support for using certificate authentication when Access Manager is behind a load balancer

  • [FEATURE] Adds additional UI helpers for common agent and API misconfigurations

  • [FEATURE] Adds the ability to target a JIT role operation against a specific site or a specific DC

Access Manager Agent

  • [FEATURE] Improves logging for agent-side issues such as server name misconfigurations, registration modes not being enabled, and API not being enabled

v2.0.9399 8th December 2022

Access Manager Service

  • [FIX] Fixes an issue where the SQL express installer does not execute when upgrading from v1.x and using the manual download option

v2.0.9395 4th December 2022

Access Manager Service

  • [FIX] Fixes an issue where API authentication fails if the server and client are configured with host names differing by case

  • [FIX] Fixes an issue where the installer would continue the installation if the SQL Express installer failed, leading to an incomplete installation

  • [FIX] Fixes an issue where saving the config without a TLS certificate results in an "Object reference not set to an instance of an object" error

  • [FIX] Enables installer logging by default. Installer will create an MSIxxx.log file in %localappdata%\temp

  • [FIX] Fixes an issue where smart-card authentication would not work after upgrading from v1 to v2

  • [FIX] Fixes an issue where permissions for AMS admins group were missing from the registry

  • [FIX] Fixes an issue where the JIT group targeting algorithm may not select the correct DC, resulting in delays accessing servers after a successful JIT operation

  • [FEATURE] Modifies the silent installer for Windows to not require command line parameters to configure it for AD mode, allowing for a simpler deployment via group policy

  • [FEATURE] Updates PowerShell diagnostic cmdlet to include logs as well as config

  • [FEATURE] Adds the ability to generate a diagnostic log package from the 'Help' page in the config app

  • [FEATURE] The roles list is now free-text searchable

Access Manager Agent

  • [FIX] Fixes an issue where API authentication fails if the server and client are configured with host names differing by case

  • [FIX] Allows silent installation of Windows agent to default to AD mode without requiring MSI transforms or parameters

v2.0.9376 18th November 2022

Access Manager Service

v2.0.9375 15th November 2022

Access Manager Service

  • [FIX] Fixes an issue where the service installer may fail on a non-English language Windows system

  • [FIX] Fixes an issue where the New-AmsComputerAuthorizationRule and Set-AmsComputerAuthorizationRule report an error

v2.0.9373 10th November 2022

Access Manager Service

v2.0.9371 7th November 2022

[SECURITY] Addressed issue in System.Text.Json

[SECURITY] Addressed issue in Microsoft.Data.SqlClient

[FIX] Fixes an issue where the service incorrectly goes into recovery mode when the November 2022 Windows updates are applied to a DC and the regarding RC4 is in play. Now the service will instead just terminate with a message that domain connectivity is not available.

[SECURITY FIX] Updates the SQL client libraries to resolve

Initial release of v2. Review the to learn about the major changes since Access Manager v1

.NET compatibility matrix here
CVE-2024-30105
CVE-2024-0056
known issue
CVE 2022-41064
what's new in v2 article