Admin Passwords.
Rotated. Secured.

Automatic local admin password rotation for every endpoint. LAPS without Active Directory. Encrypted storage, full audit trail, instant retrieval.

Start Free Trial See How It Works

How It Works

1

Install the Agent

Deploy the lightweight CredGuard agent to your endpoints. Windows and macOS. Takes 30 seconds.

2

Automatic Rotation

The agent rotates the local admin password on a schedule you define. New passwords are generated with configurable complexity rules.

3

Encrypted Storage

Passwords are encrypted in transit and at rest. Only authorized technicians can retrieve them through your secure console.

4

Retrieve When Needed

Need the local admin password? Retrieve it instantly from the console. Every retrieval is logged with who, when, and why.

Everything You Need

Automatic Rotation

Local admin passwords are rotated automatically on your schedule — daily, weekly, or after every retrieval. No manual work.

Encrypted Storage

All passwords are encrypted with AES-256 in transit and at rest. Your credentials are protected at every layer.

Retrieval Audit Trail

Every password retrieval is logged — who retrieved it, when, and from which device. Full accountability for compliance.

Configurable Complexity

Set password length, character requirements, and exclusion rules. Meet any compliance standard or internal policy.

Multi-Tenant / MSP Ready

Manage multiple companies from one console. Per-company rotation policies and access controls.

No AD Required

Works without Active Directory. LAPS functionality for workgroups, Azure AD-only environments, and mixed estates.

Simple, Transparent Pricing

Starter

$5/device/mo
Up to 100 devices
  • Automatic rotation
  • Encrypted storage
  • 30-day audit logs

Pro

$3/device/mo
Up to 500 devices
  • Everything in Starter
  • Custom complexity rules
  • Retrieval audit trail
  • Team management

Enterprise

$2/device/mo
Unlimited devices
  • Everything in Pro
  • Custom policies
  • API access
  • Dedicated support

All plans include a 7-day free trial. No credit card required.

Frequently Asked Questions

Do I need Active Directory?

No. CredGuard works without Active Directory, Azure AD, or any directory service. It's LAPS functionality for any environment — workgroups, cloud-only, or hybrid.

How are passwords stored?

Passwords are encrypted with AES-256 both in transit (TLS 1.3) and at rest. They are stored in our secure infrastructure and only decrypted when an authorized technician retrieves them.

Who can retrieve passwords?

Only users with the appropriate role permissions can retrieve passwords. You control who has access, and every retrieval is logged with the user's identity, timestamp, and the device accessed.

How often are passwords rotated?

You configure the rotation schedule — daily, weekly, monthly, or after every retrieval. Most customers rotate every 24 hours or immediately after each use.

Can I use this as an MSP?

Absolutely. CredGuard supports multi-company management from a single tenant. Each company gets its own devices, rotation policies, and access controls.

Is there a free tier?

Yes, up to 5 devices are free forever. No credit card required.