The capacities listed below are the ones that are currently actively supported by EasyLAPS.
Any idea to enrich EasyLAPS capacities or being able to adopt EasyLAPS ? Feel free to send a feature request via the form available at the bottom on the Introduction page.
|Execution logics||• Logic #1 : The password is stored in encrypted form in the MDM and is stored in clear text form in a local protected file. EasyLAPS uses the locally stored password as the current password to manage the rotation to the new generated one which is then written in the MDM. The public key used for the encryption is part of the EasyLAPS configuration file. The private key is not present on the device and must be kept in restricted access. This logic fits best when a large number of technicians have access to the MDM console and only those who own a copy of the EasyLAPS-Toolkit with the private key can reveal a rotated password.
• Logic #2 : The password is stored in clear text form in the MDM and is never stored locally. EasyLAPS reads the password stored in the MDM and uses it as the current password to manage the rotation gracefully to the new generated one which is then written in the MDM. The logic fits best when a restricted number of technicians have access to the MDM console and then are able to reveal a rotated password.
|Rotation frequency||The password rotation process is triggered after a specified number of days until it is successful|
|Forbidden characters||A list of characters that must not be used in the new password generated can be configured to prevent reading difficulties|
|Prefix||The prefix « easylaps- » can be added to the password stored in the MDM|
|Local Administrator account|
|Account creation||• The defined local administrator account is created automatically if missing
• The local administrator account parameters include Account name, Full name, UID, Shell, Home folder, Password and Hidden flag
|Account remediation||The Full name, Shell and Hidden flag parameters are reverted to the targeted ones if detected as modified|
|Account picture||The local administrator account can be customized with a picture provided by your organization (PNG file)|
|Administrative privileges||• EasyLAPS can be configured so only the local administrator account has administrative privileges on the device
• In this context, the other accounts lose their administrative privileges if they have any
• It is still possible to specify account names which escape this degradation
|Logs||• By default, EasyLAPS is executed silently and does not produce Logs
• The production of Logs, used for debugging purposes and stored only locally on the device, must be explicitly requested
|Trust||EasyLAPS is signed and notarized so you are confident that the software has been checked for any malicious code|
|macOS compatibility||EasyLAPS is currently compatible with macOS 12 (Monterey), macOS 11 (Big Sur), macOS 10.15 (Catalina), macOS 10.14 (Mojave) and macOS 10.13.4 or later (High Sierra)|
|Processor compatibility||EasyLAPS is compatible with Apple silicon and Intel processors|