update README

schorschii · Apr 25, 2024 · e68d23c · e68d23c
1 parent 22d5c1c
commit e68d23c
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -5,7 +5,7 @@ Linux and macOS implementation of the Local Administrator Password Solution (LAP
 
 LAPS in general is a system which periodically changes local admin passwords on domain computers and stores them (encrypted) in the LDAP directory (i.e. Active Directory), where domain administrators can decrypt and view them. This ensures that people who leave the company do not have access to local admin accounts anymore and that every local admin has a strong unique password set.
 
-## Management Client
+## Client
 The management client enables administrators to view the current (decrypted) local admin passwords. It can be used from command line or as graphical application.
 
 Read [README.md in the laps-client dir](laps-client/) for more information.
@@ -15,7 +15,7 @@ The runner is responsible for periodically rotating the admin password of a Linu
 
 Read [README.md in the laps-runner dir](laps-runner/) for more information.
 
-## Legacy and Native LAPS
+## Support for both Legacy and Native LAPS
 Microsoft introducted the new "Native LAPS" in 2023. In contrast to Legacy LAPS, the new version uses different LDAP attributes and has the option to store the password encrypted in the LDAP directory. LAPS4LINUX supports both versions out-of-the-box. The client will search for a password in the following order: Native LAPS encrypted, Native LAPS unencrypted, Legacy LAPS (unencrypted).
 
 The runner can operate in Legacy or Native mode by switching the setting `native-laps` to `true` or `false`. In Native mode, the runner stores the password and username as JSON string in the LDAP attribute, as defined by Microsoft. In addition to that, when in Native mode, you can set `security-descriptor` to a valid SID in your domain and the runner will encrypt the password for this user/group. Please note: only SID security descriptors are supported (e.g. `S-1-5-21-2185496602-3367037166-1388177638-1103`), do not use group names (`DOMAIN\groupname`). If you enable encryption, you should also change `ldap-attribute-password` to `msLAPS-EncryptedPassword` to store the encrypted password in the designated LDAP attribute for compatibility with other Tools. Please have a look at the runner section below for more information.

diff --git a/laps-client/README.md b/laps-client/README.md
@@ -1,4 +1,4 @@
-# LAPS4LINUX Management Client
+# LAPS4LINUX Client
 The management client enables administrators to view the current (decrypted) local admin passwords. It can be used from command line or as graphical application.
 
 ### Graphical User Interface (GUI)