LAPS by WAPT
Silent install package for LAPS by WAPT
3-13
Utilities
Utilities
tis-laps-by-wapt
This guide explains how to retrieve the local administrator password generated by the tis-laps-by-wapt package.
Instructions
Steps to Retrieve the Password
-
Deploy the Package Install the tis-laps-by-wapt package on:
- The target Organizational Unit (OU), or
- The individual machines concerned.
-
Access Audit Data
- In the WAPT Console, select a machine where the tis-laps-by-wapt package is installed.
- In the right panel, navigate to the « Audit Data » tab.
-
Locate the LAPS Section
- Find the row where the « Section » column contains the value « laps ».
-
Identify the Password Key
- The associated key is named « local_admin_password ».
- If the « Decrypt Data » option is not checked, the displayed value will be encrypted in the following format:
-----BEGIN WAPT ENCRYPTION----- {"XXXXXX"} -----END WAPT ENCRYPTION-----
-
Decrypt the Value
- Check the « Decrypt Data » option to display the password in plaintext.
- Condition: Your WAPT certificate must be correctly configured on the machine for decryption to work.
Important Notes
- Decryption requires the WAPT certificate to be present and valid on the machine.
- If the certificate is missing or invalid, the value will remain encrypted.
- package: tis-laps-by-wapt
- name: LAPS by WAPT
- version: 3-13
- categories: Utilities
- maintainer: WAPT Team,Tranquil IT,Kévin Guérineau,Simon FONTENEAU,Amelie LE JEUNE,Pierre COSSON,Jimmy PELÉ
- licence: wapt_public
- locale: all
- target_os: linux
- architecture: all
- signature_date:
- size: 60.59 Ko
package : tis-laps-by-wapt
version : 3-13
architecture : all
section : base
priority : optional
name : LAPS by WAPT
categories : Utilities
maintainer : WAPT Team,Tranquil IT,Kévin Guérineau,Simon FONTENEAU,Amelie LE JEUNE,Pierre COSSON,Jimmy PELÉ
description : change and display administrator password with admin's private key
depends :
conflicts :
maturity : PROD
locale : all
target_os : linux
min_wapt_version : 2.1
sources :
installed_size :
impacted_process :
description_fr :
description_pl :
description_de :
description_es :
description_pt :
description_it :
description_nl :
description_ru :
audit_schedule :
editor :
keywords :
licence : wapt_public
homepage :
package_uuid : cdcbe889-d0c0-41e2-bbd4-2d4c0801dfc8
valid_from :
valid_until :
forced_install_on :
changelog :
min_os_version :
max_os_version :
icon_sha256sum : 3ff6547ef5ca3bd871b4ae07f6ae9060009646db2baac829120c87c285ead18b
signer : Tranquil IT
signer_fingerprint: 8c5127a75392be9cc9afd0dbae1222a673072c308c14d88ab246e23832e8c6bb
signature_date : 2026-03-16T22:09:51.000000
signed_attributes : package,version,architecture,section,priority,name,categories,maintainer,description,depends,conflicts,maturity,locale,target_os,min_wapt_version,sources,installed_size,impacted_process,description_fr,description_pl,description_de,description_es,description_pt,description_it,description_nl,description_ru,audit_schedule,editor,keywords,licence,homepage,package_uuid,valid_from,valid_until,forced_install_on,changelog,min_os_version,max_os_version,icon_sha256sum,signer,signer_fingerprint,signature_date,signed_attributes
signature : rYJdYSPV9mYKX6jg0SL3W8teXaT497foKuhxw+n7PeZ5l5YGlY+b2PfPfMmBQVv/0JsOBuBplxkEBlesVeEdTjxU7o3jR9YQs2msGkB7QnKYqnNQx8t2pH4KQ4jf6pvAubr2UzRYzqA2uHLKD4b+dMsQfd/TgvrhZOPybk/2VIJEzseJ5q2KqThy7VQ9mEk5Yn/6zp0uK86xzNqSpQr5y+VkfdsQlUOl/jzudlX+pkkov9rsEcE/1FtnmoYaZYY6fLypPhPYV/1yoYynngngRKjmArkqguqQLKTxEpv2GOLgxSXTmt1kpWCQTn4JTkB68ePasf5wVu2LCTBGetBltA==# -*- coding: utf-8 -*-
from setuphelpers import *
import datetime
try:
import waptcrypto
if "encrypted_data_str" in dir(waptcrypto):
from waptcrypto import encrypted_data_str as rsa_encrypted_data_str
except:
pass
import secrets
users_to_change = [
'root'
]
def install():
# you can add you ssl certificate in the package in order to decrypt information in the audit_data
for crt in glob.glob("*.crt"):
filecopyto(crt, makepath(WAPT.wapt_base_dir, "ssl", crt))
audit()
def audit():
for user in users_to_change:
all_passwords = list(WAPT.read_audit_data_set("laps", f"local_{user}_password"))
if all_passwords:
last_date = list(WAPT.read_audit_data_set("laps", f"local_{user}_password"))[-1][1]
else:
last_date = None
if not last_date or (datetime.datetime.now() - isodate2datetime(last_date) > datetime.timedelta(days=365)) or force == True:
# Charger la wordlist EFF (à télécharger depuis https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt)
with open("eff_large_wordlist.txt") as f:
words = [line.split("\t")[1].strip() for line in f]
passphrase = generate_passphrase(words)
if not params.get("install_with_luti", False):
run(r'usermod --password $(echo %s | openssl passwd -1 -stdin) %s' % (passphrase, user))
WAPT.write_audit_data_if_changed("laps", f"local_{user}_password", rsa_encrypted_data_str(passphrase, [WAPT.public_certs_dir]), max_count=3)
return "OK"
def generate_passphrase(word_list, num_words=4):
parts = [secrets.choice(word_list).capitalize() + str(secrets.randbelow(10)) for _ in range(num_words)]
return "-".join(parts)
1a6b620f00f4030e18b8bf199de1987bae82e8b57541750886298ac42393ddc6 : WAPT/README.MD
424412f5866d0050bf46967f2f3aefedbf1de50d6821f719b20fcc4e5d85e214 : WAPT/README_fr.md
38d056ab130f7bf7c481c12636a4e9959de36561d3dfcbe54c6e3571bc0c1dc3 : WAPT/certificate.crt
5315ed084d37878a257174ac543e4a2b74cf6ac8eb101821933fffcace97e3b5 : WAPT/control
3ff6547ef5ca3bd871b4ae07f6ae9060009646db2baac829120c87c285ead18b : WAPT/icon.png
ce144bbfd1dbaa823492d7df1f0c50c18eb89ce68008277b60fe28f199de0234 : eff_large_wordlist.txt
284f499b4bcd4eb86e1419357f0101b033a3b49f6fb2c1f031b395c7ad1deb35 : luti.json
7cc7ba911297f0a1aed06b05627e229f0492fb22fdd0cfb800c4e6b6e29a0cad : setup.py