
Following Windows Patch Tuesday LAPS release, Microsoft warns about major legacy issues


A few days back, Microsoft announced the availability of Windows LAPS (Local Administrator Password Solution) via the month's Patch Tuesday. The feature is available on Windows 10, Windows 11 and also on servers.

Since its release, though, Microsoft has confirmed interoperability issues with legacy LAPS. When legacy LAPS (MSI package) is installed on machines with the latest Patch Tuesday updates installed, both legacy LAPS and the new Windows LAPS break. Typically, event log ID 10031 or 10032 is produced with the message "LAPS blocked an external request that tried to modify the password of the current managed account."

Microsoft has also issued a workaround for the bug:

We have verified a reported legacy LAPS interop bug in the above April 11, 2023 update. If you install the legacy LAPS GPO CSE on a machine patched with the April 11, 2023 security update and an applied legacy LAPS policy, both Windows LAPS and legacy LAPS will break. Symptoms include Windows LAPS event log IDs 10031 and 10032, as well as legacy LAPS event ID 6. Microsoft is working on a fix for this issue. You can work around this issue by either: a) uninstalling legacy LAPS, or b) deleting all registry values under the HKLM\Software\Microsoft\Windows\CurrentVersion\LAPS\State registry key.

On its LAPS overview page, Microsoft has also provided a more detailed description of the two issues being documented:

Issue #1: If you install the legacy LAPS CSE on a device patched with the April 11, 2023 security update and an applied legacy LAPS policy, both Windows LAPS and legacy LAPS will enter a broken state where neither feature will update the password for the managed account. Symptoms include Windows LAPS event log IDs 10031 and 10033, as well as legacy LAPS event ID 6. Microsoft is working on a fix for this issue.

Two primary workarounds exist for the above issue:

a. Uninstall the legacy LAPS CSE (result: Windows LAPS will take over management of the managed account)

b. Disable legacy LAPS emulation mode (result: legacy LAPS will take over management of the managed account)

Issue #2: If you apply a legacy LAPS policy to a device patched with the April 11, 2023 update, Windows LAPS will immediately enforce\honor the legacy LAPS policy, which may be disruptive (for example if done during OS deployment workflow). Disabling legacy LAPS emulation mode may also be used to prevent those issues.
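To find machines showing the symptoms Microsoft lists, a read-only check along these lines can be run per host. This is an added example, not a Microsoft script; the event channel name, the `AdmPwd` event source and the legacy CSE registration GUID are assumptions that do not come from the article, and the function name is hypothetical.

```powershell
# Read-only triage for the legacy LAPS / Windows LAPS interop issue (added example).
# Only the State key path and the event IDs come from the article; the rest is assumed.
$LapsLog  = 'Microsoft-Windows-LAPS/Operational'   # assumed Windows LAPS event channel
$StateKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\LAPS\State'
# Assumed Group Policy extension registration of the legacy LAPS CSE
$CseKey   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{D76B9641-3288-4f75-942D-087DE603E3EA}'

function Get-SymptomEvent {
    param([hashtable]$Filter)
    # Get-WinEvent errors when nothing matches or the log/provider is absent; treat as "none".
    try   { @(Get-WinEvent -FilterHashtable $Filter -ErrorAction Stop) }
    catch { @() }
}

function Get-LapsInteropStatus {
    param([int]$Days = 14)
    $since = (Get-Date).AddDays(-$Days)

    # Windows LAPS symptom IDs quoted in the article (10031, 10032, 10033)
    $new = Get-SymptomEvent @{ LogName = $LapsLog; Id = 10031, 10032, 10033; StartTime = $since }
    # Legacy LAPS event ID 6; Application log with source 'AdmPwd' is an assumption
    $old = Get-SymptomEvent @{ LogName = 'Application'; ProviderName = 'AdmPwd'; Id = 6; StartTime = $since }

    $cse = Test-Path -LiteralPath $CseKey
    $stateValues = @()
    if (Test-Path -LiteralPath $StateKey) {
        # Names of the values that workaround (b) in the first statement would delete
        $stateValues = @((Get-Item -LiteralPath $StateKey).Property)
    }

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        LegacyCseRegistered = $cse
        WindowsLapsEventIds = (($new | ForEach-Object Id | Sort-Object -Unique) -join ',')
        LegacyEvent6Count   = $old.Count
        StateValueNames     = ($stateValues -join ',')
        # Flag only when the legacy CSE is present AND a listed symptom was logged
        LikelyAffected      = ($cse -and (($new.Count + $old.Count) -gt 0))
    }
}

Get-LapsInteropStatus | Format-List
```

The script changes nothing on the host; it only reports whether the legacy CSE is registered, which of the listed event IDs were logged in the chosen window, and which values currently exist under the State key.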

You can find more details on LAPS and the issues over on Microsoft's website.


Update: A senior Microsoft exec has announced that the issue will be corrected in the next release for each of the affected operating systems.

Thanks for the tip binaryzero!
