📢 Windows 11 Build 25145 adds 'Local Administrator Password Solution', LAPS

Windows 11 Build 25145 gets native support for the legacy Local Administrator Password Solution product (aka “LAPS”)

The "Local Administrator Password Solution" (LAPS) provides management of local account passwords of domain joined computers. Passwords are stored in Active Directory (AD) and protected by ACL, so only eligible users can read it or request its reset.

The latest update of Windows 11 Dev (Preview) build 25145.1000 for the Windows Insiders comes with the native support for the legacy Local Administrator Password Solution (LAPS) and includes several new features. If you have used the legacy LAPS product, many of the features (mentioned below) in this new version of LAPS will be familiar to you.

1. Extend your Active Directory schema by running the Update-LapsADSchema cmdlet in the new LAPS PowerShell module.
2. Add the necessary permissions on your computer’s OU by running the Set-LapsADComputerSelfPermission cmdlet.
3. Add a new LAPS Group Policy object and enable the “Configure password backup directory” setting and configure it to backup the password to “Active Directory”.
4. The domain-joined client will process the policy at the next GPO refresh interval. Run “gpupdate /target:computer /force” to avoid waiting.
5. Once the domain-joined client has backed up a new password, run the Get-LapsADPassword cmdlet to retrieve the newly stored password (by default you must be running as a domain administrator).

To get to this new Group Policy, open the Group Policy editor and navigate to Computer Configuration > Administrative Templates > System > LAPS.

The feature is fully functional for Active Directory domain-joined clients, but Azure Active Directory support is limited for now to a small set of Insiders, says Microsoft.