ThisisParya-7758 asked ThisisParya-7758 answered

LAPS PASSWORD NOT WORKING IN NEW JOINED SYSTEM

Hello there,
We have a policy for LAPS installation on clients' systems. I have two questions for which I don't know the reason.
1) In many cases, it has been observed that when we join a system after replacing Windows, the password displayed in LAPS cannot be used to log in to the client. (LAPS is installed there, but the password is not the same as the admin's.)
2) In some cases it takes too long for LAPS to be installed on their system! (We had put the file in the nearest DC), and the network is OK!

Would you please guide me about the reasons?

windows-active-directory windows-group-policy
ThisisParya-7758 answered

After all, I figured out that if LAPS is installed on a system and the expiration time is, for example, "40 days", and during this period someone who has access to reset the local admin resets the local admin, LAPS won't update it until the expiration time passes.
Best Regards.

ThisisParya-7758 answered yannara commented

Hi,
I found that it's normal, because the LAPS policy updates every 40 days for each client by using GPO, and if a helpdesk admin resets the password manually, it won't be updated until the 40 days pass. Is it possible to keep the 40 days and force clients, by using gpupdate, to have the LAPS password set to admin again?


When the LAPS policy kicks in for the first time, the password should be generated, so 40 days is not the problem here.


I didn't mean the first time it kicks in.
After the computer gets the LAPS policy and the LAPS password is generated, if the local admin password is changed manually, shall we wait 40 days for the LAPS password to be regenerated?


@ThisisParya-7758 Yes, you probably need to wait. With the LAPS solution, you should not have any need to change the password manually :)

yannara answered

Please be informed that the LAPS client logs its events like this. By going through them, you should understand the problems.

[Image: 121895-image.png (66.3 KiB)]
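An added example, not part of the thread or any poster's code: with legacy Microsoft LAPS the client changes the password only once the expiration timestamp stored on its AD computer object has passed, so expiring that timestamp forces a new password without touching the 40-day GPO setting, and the client's event log then shows what the extension did. It assumes the AdmPwd.PS module on the admin workstation, WinRM access to the client, and a hypothetical computer name `PC-0142`.

```powershell
# Added example. Assumptions: legacy Microsoft LAPS (AdmPwd.PS module installed),
# the caller has the delegated "reset password" right on the computer's OU,
# WinRM is enabled on the client, and 'PC-0142' is a hypothetical computer name.
Import-Module AdmPwd.PS

$computer = 'PC-0142'   # hypothetical client that was re-imaged or reset by hand

# 1. Show when the password stored in AD expires (the password itself is not printed).
$before = Get-AdmPwdPassword -ComputerName $computer
$before | Select-Object ComputerName, ExpirationTimestamp

# 2. Expire the stored password now. This only rewrites the expiration
#    attribute on the computer object; the password age in the GPO stays as it is.
Reset-AdmPwdPassword -ComputerName $computer

# 3. Trigger a computer policy refresh on the client so the LAPS
#    client-side extension runs, sees the expired timestamp and sets a new password.
Invoke-Command -ComputerName $computer -ScriptBlock {
    gpupdate /target:computer /force | Out-Null
}

# 4. Read the client's LAPS events (Application log, source AdmPwd) to see
#    whether the extension changed the password or reported an error.
Invoke-Command -ComputerName $computer -ScriptBlock {
    Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = 'AdmPwd' } `
                 -MaxEvents 20 -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, LevelDisplayName, Message
} | Format-Table -AutoSize -Wrap

# 5. Confirm that AD now holds a fresh expiration timestamp.
$after = Get-AdmPwdPassword -ComputerName $computer
if ($after.ExpirationTimestamp -gt $before.ExpirationTimestamp) {
    "Password rotated; next expiration: $($after.ExpirationTimestamp)"
} else {
    "Expiration not updated yet; check the AdmPwd events above on $computer"
}
```

If step 4 returns no AdmPwd events at all, the client-side extension is not installed or registered on that machine, which is a different problem from a password that has not yet expired.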