Other Products

Here are some of our products that we work on outside of the Microsoft Identity Manager space.


LAPS Web App

Microsoft's Local Admin Password Solution (LAPS) is one of the most important defences against the risk of lateral movement of threats between computers when the same local admin password is used on each machine. It regularly rotates and randomizes the local administrator password on each machine, and securely stores it in Active Directory. The Lithnet LAPS web app, addresses some of the usability and auditing issues with the native product, by providing a user-friendly method of accessing LAPS passwords. 

  • Mobile friendly, web-based interface
  • Auditing of access to passwords
  • Support for external authentication providers such as AzureAD, Okta and ADFS, opening up options for multi-factor authentication
  • Supports fine-grained authorization

Idle LogOff

A group-policy enabled utility for logging off idle windows user sessions

The Lithnet Idle Logoff tool is a simple utility that allows you to log off users after a period of inactivity. It was designed specifically with kiosk and student lab scenarios in mind.

  • The tool runs in the background of each user session when installed
  • It logs the user out after a preset period of inactivity
  • It provides the ability to control all settings via a group policy


Lthnet MoveUser is a command line tool that can be used to change the owner of a profile from one user to another. It is designed to be a replacement for Microsoft's moveuser.exe tool (used for Windows XP), originally included in the Windows Resource Kit, and the Win32_UserProfile.ChangeOwner WMI method, used for Windows Vista and above. 

The Lithnet MoveUser tool provides the same functionality as the other tools, but overcomes some of the shortcomings of the Microsoft provided toolsets. It does not require any scripting knowledge, provides a consistent experience across Windows XP, Vista, and Windows 7, and provides detailed logging of progress and any errors encountered


  • Changes the owner of the profile to the destination user, and update associated permissions
  • Add the destination user to the same local groups that the source user was a member of
  • If the source account is a local account, then it can either be deleted, disabled, or left as-is after a successful migration. By default it is deleted
  • The source and destination usernames can either be provided in standard username format (domain\username, computer\username) or as a SID
  • The tool can also scan areas outside of a users profile for permissions assigned to the source user, and update them to apply to the destination user instead.

RADIUS Accounting to Palo-Alto Networks Firewall User-ID Agent

The Lithnet PAN RA Proxy is a windows service that recieves RADIUS accounting requests, and submits them as User-ID updates to a Palo Alto firewall via its web service