tis-laps-by-wapt icon

LAPS by WAPT

Silent install package for LAPS by WAPT

3-11
Utilities
Utilities
Luti Build VirusTotal

tis-laps-by-wapt

This guide explains how to retrieve the local administrator password generated by the tis-laps-by-wapt package.

Instructions

Steps to Retrieve the Password

  1. Deploy the Package Install the tis-laps-by-wapt package on:

    • The target Organizational Unit (OU), or
    • The individual machines concerned.

  2. Access Audit Data

    • In the WAPT Console, select a machine where the tis-laps-by-wapt package is installed.
    • In the right panel, navigate to the « Audit Data » tab.

  3. Locate the LAPS Section

    • Find the row where the « Section » column contains the value « laps ».

  4. Identify the Password Key

    • The associated key is named « local_admin_password ».
    • If the « Decrypt Data » option is not checked, the displayed value will be encrypted in the following format: 
      -----BEGIN WAPT ENCRYPTION-----
{"XXXXXX"}
-----END WAPT ENCRYPTION-----

  5. Decrypt the Value

    • Check the « Decrypt Data » option to display the password in plaintext.
    • Condition: Your WAPT certificate must be correctly configured on the machine for decryption to work.

Important Notes

  • Decryption requires the WAPT certificate to be present and valid on the machine.
  • If the certificate is missing or invalid, the value will remain encrypted.

  • package: tis-laps-by-wapt
  • name: LAPS by WAPT
  • version: 3-11
  • categories: Utilities
  • maintainer: WAPT Team,Tranquil IT,Simon FONTENEAU,Amelie LE JEUNE,Pierre COSSON,Jimmy PELÉ
  • licence: wapt_public
  • locale: all
  • target_os: windows
  • architecture: all
  • signature_date:
  • size: 60.79 Ko

package           : tis-laps-by-wapt
version           : 3-11
architecture      : all
section           : base
priority          : optional
name              : LAPS by WAPT
categories        : Utilities
maintainer        : WAPT Team,Tranquil IT,Simon FONTENEAU,Amelie LE JEUNE,Pierre COSSON,Jimmy PELÉ
description       : change and display administrator password with admin's private key
depends           : 
conflicts         : 
maturity          : PROD
locale            : all
target_os         : windows
min_wapt_version  : 2.1
sources           : 
installed_size    : 
impacted_process  : 
description_fr    : 
description_pl    : 
description_de    : 
description_es    : 
description_pt    : 
description_it    : 
description_nl    : 
description_ru    : 
audit_schedule    : 
editor            : 
keywords          : 
licence           : wapt_public
homepage          : 
package_uuid      : bcfaeeec-9cba-4172-b2e0-9f72fd568b9f
valid_from        : 
valid_until       : 
forced_install_on : 
changelog         : 
min_os_version    : 
max_os_version    : 
icon_sha256sum    : 3ff6547ef5ca3bd871b4ae07f6ae9060009646db2baac829120c87c285ead18b
signer            : Tranquil IT
signer_fingerprint: 8c5127a75392be9cc9afd0dbae1222a673072c308c14d88ab246e23832e8c6bb
signature_date    : 2026-03-16T22:13:20.000000
signed_attributes : package,version,architecture,section,priority,name,categories,maintainer,description,depends,conflicts,maturity,locale,target_os,min_wapt_version,sources,installed_size,impacted_process,description_fr,description_pl,description_de,description_es,description_pt,description_it,description_nl,description_ru,audit_schedule,editor,keywords,licence,homepage,package_uuid,valid_from,valid_until,forced_install_on,changelog,min_os_version,max_os_version,icon_sha256sum,signer,signer_fingerprint,signature_date,signed_attributes
signature         : LYaWUV5tz4OGDHvrjSpjar+hTjiWMQ+eo48yiJSfesO6anlNjMusLwDSbjTVEIFX77T29+8pGYFm8pvX9j4OQqt/e+JWpjqJiZ0Ns5DoQrPCHCUI6m2DVpxDaXBU4aXEsmj1FJCa1g5WDB/WBIGvq3K1KgHjoYqUe4lE9sm+LSzCb9+k7U/YzxIoiET2098mQyj3gDdxM129Kx5IAtTosszY8NG5tXOUNv409psjcpZWP5n98eRpkgLzZsaqV1bHxO+ct01K387g/GkUt52pbPrR7zye5dj9AtmpQvRSLlgaYsFUy5y2OmKsXT/EO8nsRHuiI7AfvVdq55e1EjvDSA==

# -*- coding: utf-8 -*-
from setuphelpers import *
import win32net
import win32security
import datetime

try:
    import waptcrypto

    if "encrypted_data_str" in dir(waptcrypto):
        from waptcrypto import encrypted_data_str as rsa_encrypted_data_str
except:
    pass

import secrets


# dict_admin = {
#     "en": "administrator",
#     "fr": "administrateur",
#     "de": "administrator",
#     "pl": "administrator",
#     "es": "Administrador",
#     "pt": "administrador",
#     "it": "administrator",
#     "nl": "administrator",
#     "ru": "Администратор",
# }


def install():
    # you can add you ssl certificate in the package in order to decrypt information in the audit_data
    for crt in glob.glob("*.crt"):
        filecopyto(crt, makepath(WAPT.wapt_base_dir, "ssl", crt))
    audit()


def audit():
    all_passwords = list(WAPT.read_audit_data_set("laps", "local_admin_password"))
    if all_passwords:
        last_date = list(WAPT.read_audit_data_set("laps", "local_admin_password"))[-1][1]
    else:
        last_date = None
    if not last_date or (datetime.datetime.now() - isodate2datetime(last_date) > datetime.timedelta(days=365)) or force == True:
        # Charger la wordlist EFF (à télécharger depuis https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt)
        with open("eff_large_wordlist.txt") as f:
            words = [line.split("\t")[1].strip() for line in f]
        passphrase = generate_passphrase(words)
        locsid = str(win32net.NetUserModalsGet(get_computername(), 2)['domain_id']).split(':',1)[-1]
        sid = win32security.GetBinarySid(locsid + "-500")
        admin_local_user, domain, typ = win32security.LookupAccountSid(wincomputername(), sid)

        if not params.get("install_with_luti", False):
            run(r'net user "%s" "%s"' % (admin_local_user, passphrase))

        run(r'net user "%s" /active:yes' % admin_local_user)
        WAPT.write_audit_data_if_changed("laps", "local_admin_password", rsa_encrypted_data_str(passphrase, [WAPT.public_certs_dir]), max_count=3)
    return "OK"

def generate_passphrase(word_list, num_words=4):


    parts = [secrets.choice(word_list).capitalize() + str(secrets.randbelow(10)) for _ in range(num_words)]
    return "-".join(parts)


1a6b620f00f4030e18b8bf199de1987bae82e8b57541750886298ac42393ddc6 : WAPT/README.md
424412f5866d0050bf46967f2f3aefedbf1de50d6821f719b20fcc4e5d85e214 : WAPT/README_fr.md
38d056ab130f7bf7c481c12636a4e9959de36561d3dfcbe54c6e3571bc0c1dc3 : WAPT/certificate.crt
5bdc3ff09db80c29edc5713227326c31ade43176fa31df3040a4f4dffbf94ad6 : WAPT/control
3ff6547ef5ca3bd871b4ae07f6ae9060009646db2baac829120c87c285ead18b : WAPT/icon.png
ce144bbfd1dbaa823492d7df1f0c50c18eb89ce68008277b60fe28f199de0234 : eff_large_wordlist.txt
cc6be10f82806f2756d21e69037630ea4ebfface3cef20c589aa6625225781b4 : luti.json
f8d11bc285b2327301ada61269091d9bf9c000ccfa7f4e573dea5f9bf721973b : setup.py