Lithnet Access Manager re-imagines the LAPS experience with RapidLAPS

All the security of LAPS. None of the friction.

LAPS is one of the most effective defences against lateral movement — a unique admin password on every machine means a compromised credential can't spread. But LAPS passwords are long, random, and painful to use. Retrieving them means digging through AD tools. Typing them means squinting at a 30-character string at a logon screen. The result: teams resist deploying it, or work around it, and the security benefit never materialises.

RapidLAPS changes that. It integrates directly with the Windows logon screen, letting authorised users log in to the LAPS account by scanning a QR code or entering a PIN. The password is delivered behind the scenes — your admins never see it, type it, or need to look it up. No app required.

Select the RapidLAPS tile to start the login process.

Scan the QR code with your phone camera - no app required.

No phone? Just visit the URL shown on the screen and enter the PIN when prompted.

Review and approve with a single click

You’ve logged in as the local administrator, without having to touch the LAPS password.

Try Access Manager for free - up to 100 devices, no time limits

Learn more about Access Manager
Download community edition
Read the getting started docs

Frequently asked questions

  • RapidLAPS requires two components. The Access Manager Server, and the Access Manager Agent. The agent installs a Windows Credential Provider onto the machine, which when invoked, creates a request for the LAPS password and sends it to the server.

    The server then waits for the request to be either approved, or denied by an appropriately authorized user.

    Once authorized, the LAPS password is retrieved from the relevant directory, encrypted with a one-time key and sent to the agent.

    The agent then passes the LAPS password to the Windows logon provider, and the authentication proceeds as normal.

  • RapidLAPS can retrieve LAPS passwords set by the legacy Microsoft LAPS agent, the new Windows LAPS agent, or by the Access Manager agent itself.

    The Access Manager agent must be deployed to the device, but the LAPS password management feature of the agent does not need to be used.

  • RapidLAPS does not require internet access. However, it does require line-of-sight to the Access Manager server. If your agents are off-network, and you want to support RapidLAPS operations, then you'll need to ensure the clients can connect to the Access Manager server. This can be using something like an always-on VPN, or publishing the API endpoint via a reverse proxy or web application firewall.

  • The community edition of Access Manager allows you to deploy up to 100 agents for free.

    For larger environments, you can learn more about purchasing the Enterprise edition of Access Manager on our pricing page.

Need more than 100 devices?

Enterprise edition removes the device cap, adds high availability, PowerShell management, Splunk integration, and formal Lithnet support.

Compare editions
Request a quote
Review pricing