Defend against ransomware and other lateral movement-based attacks
Reduce the likelihood and impact of a wide-spread compromise in your environment by removing permanent administrative access to your workstations and servers.
By making sure every computer has a unique local admin password and removing all other members of the built-in local Administrators group, you can limit the ability for credential-stealing ransomware to move laterally across your environment.
Access Manager makes it as seamless as possible for admins to access LAPS passwords, or grant themselves temporary just-in-time admin access. Access Manager isn’t a silver bullet guaranteed to protect you from this type of attack, but it forms a fundamental part of a defence-in-depth strategy against them.
Web-based access to local admin passwords
Access Manager provides a simple web-based and mobile-friendly interface for accessing local admin passwords for Windows, macOS and Linux devices. There’s no need for admins to install custom software, or have access to AD administrative tools to access LAPS passwords.
Access historical local admin passwords
Deploying the Lithnet Access Manager Agent to your fleet allows you to upgrade to encrypted local admin passwords and gain the benefit of having previous local admin passwords stored in the directory as well. This means no more issues getting locked out of computers when they are restored from backup or reverted from a snapshot.
Just-in-time administrative access to computers
Using the same web interface, users can request that their account be added to a group that is a member of the local administrators group of the computer. This access is temporary and automatically removed after the allowed time period.
Just-in-time access to custom roles
Access Manager allows you to provide your users with just-in-time access to custom roles that you define. When a user is granted access to a role, Access Manager will add them to the corresponding Active Directory group, and automatically remove them when the allowed time period has elapsed.
Easy access to BitLocker recovery passwords
Authorized users can also request access to the BitLocker recovery passwords for a computer through the same easy-to-use web interface.
Editions
Community Edition. Access Manager Community Edition is our core offering, that contains all the features that an organization needs to help defend themselves from lateral movement-based attacks. You can provide your users full access to Microsoft LAPS passwords and request just-in-time admin access to computers all from the convenience of their browser. Community Edition is completely free for any organization of any size to use.
Enterprise Edition is a must for organizations who want to take full advantage of the capabilities of Access Manager, and know they have the full backing of the Lithnet support team to help them keep their environment running smoothly. Enterprise Edition adds additional functionality essential for enterprise environments, such as support for high availability and access to LAPS history.
Community and Enterprise Edition features comparison
| Feature | Community Edition | Enterprise Edition |
|---|---|---|
| Access to local admin passwords set by the Microsoft LAPS agent |  |
|
| Access to local admin passwords set by the Lithnet Access Manager Agent | |
|
| Access to encrypted local admin passwords set by the Lithnet Access Manager Agent | |
|
| Access to BitLocker recovery passwords | |
|
| Just-in-time administrative access to Windows computers | |
|
| Just-in-time access to custom roles | Limited to 3 roles | |
| Support for non-domain joined Windows clients | Limited to 100 devices | |
| Support for macOS devices (Intel and arm64) | Limited to 100 devices | |
| Support for Azure AD joined Windows 10 and higher devices | Limited to 100 devices | |
| Support for Linux distributions (x64, arm64) 1 | Limited to 100 devices | |
1 See the page on supported Linux operating systems for more details
Request a quote for Access Manager Enterprise Edition
Documentation
At Lithnet, we know that transparency saves operational time and increases success. Get the full picture of our tools by accessing our documentation below.
Delivering software solutions for your security teams and administrators
We design our products with care and purpose. They are specific in the problems they solve, their implementation and use. From meeting the needs of Enterprise Business to the individual Service Desk user - we understand what is needed and build effective solutions from our experience.