Compatibility mess breaks not one but two Windows password tools

The integration of the Local Administrator Password Solution (LAPS) into Windows and Windows Server, which came with updates earlier this week, is causing interoperability problems with what's called legacy LAPS, Microsoft says.

Redmond touted the LAPS integration in the April 11 KB5025224 and KB5025239 cumulative updates, penning that "Windows LAPS is a huge improvement in virtually every area beyond Legacy LAPS."

However, users found that installing the new Windows LAPS could break both that and the Legacy LAPS.

"If you install the legacy LAPS GPO CSE on a machine patched with the April 11, 2023 security update and an applied legacy LAPS policy, both Windows LAPS and legacy LAPS will break," Microsoft writes. "Symptoms include Windows LAPS event log IDs 10031 and 10032, as well as legacy LAPS event ID 6."

The vendor is working on a fix, but in the meantime, as a workaround, users can either uninstall Legacy LAPS or delete all registry values under the HKLM\Software\Windows\CurrentVersion\LAPS\State registry key.

LAPS isn't a new product to Microsoft. Admins use the tool to manage passwords on local administrator accounts by regularly rotating them and backing them up to on-premises Active Directory.

"LAPS has proven itself to be an essential and robust building block for AD enterprise security on premises," wrote Jay Simmons, a software engineer with Microsoft. "We'll affectionately refer to this older LAPS product as 'Legacy LAPS.'"

With the April 11 security update, Microsoft announced LAPS integration with Windows 10 and 11 Pro, EDU, and Enterprise editions, Windows Server 2019 and 2022, and Windows Server Core 2022.

Redmond said the tool in Windows is natively integrated as an inbox feature and "is ready to go out-of-the-box," so users no longer have to install an external MSI package. Future fixes and updates will be provided through the regular patching process.

The integration comes with new capabilities for both on-premises AD environments and upcoming Azure AD for cloud scenarios, which is in private preview now but will transition to public preview later this quarter. Among the new features are enhanced policy management, automatic password rotation, a dedicated event log, and a new PowerShell module.

According to Microsoft, the benefits of Windows LAPS go beyond regularly rotating and managing local admin account passwords. The tool also will protect organizations against pass-the-hash and lateral-traversal attacks, improve security for remote help desks, and enable admins to sign into and recover devices that otherwise would be inaccessible.

It also delivers access control lists and optional password encryption for securing passwords stored in Windows Server AD and support for the Azure role-based access control model for securing passwords stored in Azure AD. ®