LAPS (Local Admin Password Solution) for Windows "JC miniLAPS"
📄 Overview
To implement JumpCloud MiniLAPS, a lightweight Local Administrator Password Solution (LAPS) for Windows devices managed by JumpCloud. This solution rotates and securely stores the local admin password within JumpCloud system description.
✅ Key Features
1. Automatically rotates local admin passwords on a schedule
2. Securely stores passwords in the Jumpcloud Device Description field. Attached the SS for reference.
3. Compatible with Windows 10/11 Pro systems bound to Jumpcloud
🔧 Requirements
1. This script doesn't require an API- or ConnectKey as it is utilising the SystemContext-API
2. The Administrator account is unified and most importantly, in this case, not managed by JumpCloud or any other central IAM solution
3. This current version also checks if the specified Administrator exists on a device or not. If not, the account will be created and added to the local group 'Administrators'
❗ Caveats
1. This script won't work with systems where the SystemContext-API isn't available-
2. Such systems have been enrolled via the JumpCloud UserConsole.
3. You can identify such systems by checking for a
provisionerID. Run the following command:If provisionerID exists, the device was enrolled via the User Portal and is not compatible with JC-miniLAPS.
Enrolled via JumpCloud User console
If the system was enrolled in JumpCloud in this way it would make sense that the system context API is not available for this system.
For devices enrolled via the User Portal, use the alternate script which requires an API key. (Script can find here)
🛠️ Deployment Steps
In the Admin Console:
Go to Devices → Commands
Click + Create Command
Choose:
Command Type: Windows
Command Name: JC MiniLAPS – Rotate Admin Password
Command : Paste the PowerShell script (The script can be found here.)
Windows Powershell : Check the box
Launch Event : Choose either:
Manual (for on-demand rotation)
Scheduled (e.g., weekly, monthly)
Explore More Option
System Assignment: Assign to the specific device & Device group.
Save the command
📎 Reference
-
JC MiniLAPS Community Script Page
Thank you
Related Articles
JC Go Extension Deployment via JumpCloud (macOS & Windows)
JC Go Extension is deployed to user device via Jumpcloud. Browsers ✅ macOS Browser Deployment Method Google Chrome .plist/.xml Microsoft Edge .plist/.xml Brave .plist/.xml ✅ Windows Browser Deployment Method Google Chrome PowerShell Microsoft Edge ...Deleting Unwanted User Profiles from macOS and Windows using JumpCloud
Deleting Unwanted User Profiles from macOS and Windows using JumpCloud Overview This guide provides steps to identify and remove unwanted/suspended user profiles from macOS and Windows systems through JumpCloud Commands. It ensures that only the ...Set password expiration for users currently marked as 'Password Never Expires' in bulk (User Group Base) from Powershell
Set password expiration for users currently marked as 'Password Never Expires' in bulk Step 1 Install the JumpCloud Module on your Powershell ( Windows/ MAC ) Install JumpCloud on Windows. Open Powershell as Administrator. Run this cmd -> ...Pull All Local Account Details from All Devices
Pull All Local Account Details from All Devices Step 1 Install the JumpCloud Module on your Powershell ( Windows/ MAC ) Install JumpCloud on Windows. Open Powershell as Administrator. Run this cmd -> Set-ExecutionPolicy -ExecutionPolicy RemoteSigned ...Mac User Profile Locked/Disabled – Resolution Guide
Issue Summary Name: Mac User Profile Got Locked/Disabled Possible Reasons for Locked/Disabled Account 1. Exceeding the allowed number of incorrect password attempts. 2. Jumpcloud password doesn’t match the local account. it may trigger a lockout 3. ...