A couple of weeks ago, Microsoft announced the availability of Windows LAPS (Local Administrator Password Solution) via the month's Patch Tuesday. The feature is available on Windows 10, Windows 11, and also on servers.
Since its release, though, Microsoft has confirmed interoperability issues with legacy LAPS. When legacy LAPS (MSI package) is installed on machines that already have the latest Patch Tuesday updates, both legacy LAPS and the new Windows LAPS break. Typically, an event with ID 10031 or 10032 is logged with the message "LAPS blocked an external request that tried to modify the password of the current managed account."
As promised, Microsoft announced that it has fixed these issues with the latest Windows 11 non-security preview updates. The fix is available for both Windows 11 21H2 (KB5025298) and Windows 11 22H2 (KB5025305).
The announcement reads:
This update addresses an issue that affects the legacy Local Administrator Password Solution (LAPS) and the new Windows LAPS feature. They fail to manage the configured local account password. This occurs when you install the legacy LAPS .msi file after you have installed the April 11, 2023, Windows update on machines that have a legacy LAPS policy.
In related news, an unofficial third-party Simple GUI tool is now available for querying passwords and other related tasks, and it claims to work nicely on both legacy and Windows LAPS. You can find details about it in this article.