OVERLAPS brings powerful visibility and control to Microsoft's Windows Local Administrator Password Solution (LAPS).
Easily manage and grant access to LAPS passwords across domains with fine-grained permissions, self-service features, and robust tooling - all from a secure, self-hosted web interface.
OVERLAPS began as a simple, self-hosted web interface for retrieving passwords managed by Microsoft’s Local Administrator Password Solution (LAPS). Since then, it has evolved into a feature-rich platform with powerful tools like a granular permissions system, password history storage, self-service support, and an authorisation request workflow.
From the original Microsoft LAPS to the new Windows LAPS launched in 2023, OVERLAPS has supported Service Desks around the world — helping teams work smarter, faster, and more efficiently. Command-line tools are great, but for everyday use, nothing beats a fast, visual way to search and retrieve passwords on any device.
OVERLAPS is easy to configure, simple to customise, and built with enterprise needs in mind. All this and more at one of the most reasonable prices in its class. If you're using LAPS, OVERLAPS is the natural next step; if you're not, let us show you how it could benefit you.
Windows Local Administrator Password Solution (Windows LAPS) is a Windows feature that automatically manages and backs up the password of a local administrator account on your Azure Active Directory-joined or Windows Server Active Directory-joined devices. You also can use Windows LAPS to automatically manage and back up the Directory Services Restore Mode (DSRM) account password on your Windows Server Active Directory domain controllers. An authorized administrator can retrieve the DSRM password and use it.
Windows LAPS (and its predecessor, Microsoft LAPS) is a security feature that automatically generates and regularly rotates unique passwords for the built-in Local Administrator account on each managed computer. These passwords are stored securely in either your on-premises Active Directory or Azure/Entra ID environment, ready for authorised Service Desk staff to access when needed.
By resetting these passwords on a schedule, LAPS helps defend against attacks like “Pass-the-Hash” by ensuring every system uses a unique, random password. This removes the risks associated with shared or predictable admin credentials, while still giving your IT team the access they need securely and efficiently.
OVERLAPS is designed with security at its core, ensuring your LAPS data remains protected and accessible only to the right people.
All communication between users and the OVERLAPS interface can be secured with full SSL/TLS encryption.
Support for TOTP-based MFA helps safeguard accounts with an extra layer of protection.
Integrate with your existing identity provider such as ADFS, Azure AD, Okta, or other SAML2-compliant systems for seamless and secure authentication.
OVERLAPS runs entirely within your own infrastructure, with no reliance on third-party services and no exfiltration of your data.
Take full control over who can do what, where, and when with far more flexibility than native Active Directory permissions allow.
Grant users precise permissions at the Organisational Unit (OU) level, ensuring they only see and interact with the systems they’re responsible for.
Decide who can retrieve passwords and under what conditions. Require a written justification, or trigger an authorisation request workflow for sensitive systems.
Control access to key actions such as password expiry, self-service device interaction, and report viewing. All permissions can be tailored to individual roles or teams.
OVERLAPS' intuitive interface makes permission assignment and auditing far easier than dealing with traditional AD security groups and ACLs.
Empower trusted users to resolve their own issues without raising tickets or waiting on IT support.
Allow designated users to access the Local Administrator password for specific devices, without needing full access to OVERLAPS or wider systems.
Assign on-site technicians, team leads, or other non-IT staff controlled access to manage their own endpoints, freeing your Service Desk from low-priority requests.
Eliminate routine Local Administrator access requests that slow down support teams, helping you improve response times and meet SLA targets.
All self-service actions are logged and auditable, so you retain full visibility and control even while decentralising access.
Track every action, keep detailed records, and maintain full oversight of Local Administrator password access across your organisation.
Every request to view a password is recorded, including who accessed it, when, and from where. Logs can be retained for up to 10 years.
Quickly search through audit entries via the web interface, or export logs for use in your preferred SIEM or compliance reporting tools.
OVERLAPS can write audit entries to the Windows Event Log, making it easy to integrate with existing monitoring and alerting solutions.
Limit access to the audit trail to designated users such as your security or compliance team without exposing sensitive activity to general users.
Enforce stronger access controls with built-in workflows that add accountability and slow down unauthorised access without slowing down your team.
Require users to provide a reason before viewing a password. These written justifications are logged alongside the request for later auditing and review.
For sensitive systems and added control over local power-users, require explicit approval from a designated Authoriser before access is granted. Users can submit a request, but no password is revealed until it is approved.
Keep the workflow efficient with automatic email notifications to Authorisers and Requesters, enabling prompt decisions without delays.
Apply different approval requirements based on user roles or the systems they’re accessing, whether through granular permissions or self-service assignments.
Access LAPS-managed passwords quickly, securely, and from any device. No ADUC access or PowerShell required.
Use any modern browser to access OVERLAPS from desktops, laptops, tablets, or phones without installing any apps or special software.
Unlike native LAPS tools that rely on PowerShell or Windows-only clients, OVERLAPS provides a clean, user-friendly web interface that’s faster and easier to navigate, particularly for non-technical users.
Tailor the interface with your organisation’s logo and name for a consistent experience across teams. Full theme customisation is planned as well.
The UI is optimised for performance and usability, making it equally effective whether you’re at a helpdesk terminal or out in the field.
Experience the full version of OVERLAPS for Microsoft LAPS at no cost. Register today to download a fully-featured 30-day trial and see how it fits into your workflow. No payment details, no commitment.