Hey, what’s good everyone. I’m trying to get LAPS set up on our Mac fleet because having the exact same local admin password on 200 machines is straight-up giving me anxiety lol. I was poking around the portal and saw there are “Basic” and “Advanced” options.
I don’t need anything crazy complicated right now, just the standard baseline to keep us safe. How do I actually trigger the Basic LAPS, and what is it actually doing behind the scenes? Appreciate y’all!
9 Views
Hi @luke, welcome to the Hexnode Connect community!
You are absolutely right to prioritize this. Moving away from static local admin passwords is one of the most effective steps you can take to secure your macOS fleet and prevent lateral movement in the event a device is compromised.
Basic LAPS is designed for exactly your scenario: it provides a rapid, streamlined deployment for IT admins who want immediate baseline security without configuring complex parameters. When activated, Hexnode automatically provisions a default local administrator account on your targeted Macs and handles the credential management entirely in the background.
Here is what happens behind the scenes with Basic LAPS:
Automatic Rotation: The password is automatically rotated every 60 days.
Standardized Length: Passwords are generated with a fixed length of 8 characters.
Password History: Hexnode securely retains the last 3 passwords to ensure they are not immediately reused.
How to activate it: You can deploy this in just a few clicks by editing an existing macOS policy or creating a new one:
Whenever you or your team need to authenticate on a Mac for maintenance, simply navigate to that device’s summary page under the Manage tab. Click on Local Accounts > LAPS, and you will be able to securely view the current active password.
Hope this helps give you some peace of mind! Let us know if you have any questions during the rollout.
Don't have an account? Sign up
