Create an opt-in configuration option that tells the LAPS service to not use certain characters in LAPS-generated passwords, such as o, O, 0, l, 1, etc.
Thank you @JasonLoosus - I agree this is a good idea and I have gotten the feedback from multiple customers. I have captured the feedback as a backlog item.
I don't mind characters like 0, 1, o, O, etc. where you can distinguish between them, but lower case L and capital i are indistinguishable (because of the font dictated by the page body CSS).
This is a great suggestion that would help avoid much frustration, makes a lot of sense.
Agreed, the LAPS options should be more user-friendly. Also the use of special characters should be limited (e.g. ignore ` ´ ' ").
I have just come across this issue... - take a look at my LAPS password....
you would never guess the difference between lower case L and capital i
[5K7NzlxZI7[E]
please fix this - simple as changing the font, like the code option in this post :)
@Sebastian Pasch - yep I got it.
There are two improvements in the pipeline: a new password complexity setting that uses a slightly smaller dictionary which excludes the commonly confused characters (like L and I in your example).
In addition, the LAPS tab in ADUC has been tweaked to use a simpler font:
It looks from your screen snippet that you are retrieving a password from the Entra management portal. So the ADUC fix probably won't help you, but the simpler character dictionary should. The Entra team has also received similar feedback about the fonts used to display passwords in their portal.
Thanks for the feedback!
Jay
Thanks @Jay Simmons !
Indeed, we are using Entra ID/Intune for LAPS - we are just rolling out LAPS across our environment and fully adopting the modern management approach.
If there is any way to push for the portal update, I'd be more than happy to demonstrate the business impact.
Thanks
Sebastian Pasch
@Sebastian Pasch - I just now passed on your latest feedback to the Entra team. Otherwise the next best thing I can suggest is posting a request to fix the problem on the following Entra forum:
Microsoft Entra (Azure Active Directory) · Community
Hopefully the issue will get more visibility there. And please copy your post link back in this topic - maybe we can get a vigorous feedback loop going between the two forums :-).
thanks,
Jay
thanks so much Jay,
I found one existing post there as well and replied to it - also linking back here:
Hi @JasonLoosus (and others in this thread):
Please check out the new Windows LAPS "improved readability" password complexity feature (and other new features!) that dropped in today's 26040 Canary build:
Announcing Windows 11 Insider Preview Build 26040 (Canary Channel)
I am actively seeking feedback on all of these features - just let me know.
I realize that the new "improved readability" password complexity feature does not exactly match the requested feature (configurable ability to exclude certain characters). To keep things as simple as possible, I chose instead to implement an alternate "dictionary" setting which has all of the confusing characters removed. (Plus improving the password font as used in ADUC.)
Of course, you could also just switch to using passphrases which are even better IMO. :)
Jay
Thanks so much @Jay Simmons - looks like changing the complexity value from 4 to 5 is going to fix that for us by omitting the problematic characters! That's great news!
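An added example, not part of the thread and not Microsoft's code: it measures what a smaller "readable" dictionary costs in entropy and how much extra length buys it back. The excluded set is only the characters named in this thread (an assumption, not the dictionary Windows LAPS ships), and the 14-character length matches the password quoted above.

```python
import math
import secrets
import string

# Characters called out in this thread as confusable or awkward to type.
# Constructed set for illustration; NOT the actual Windows LAPS dictionary.
CONFUSABLE = set("oO0l1I`´'\"")

# Full printable ASCII pool: letters, digits and punctuation (94 symbols).
FULL = string.ascii_letters + string.digits + string.punctuation
# Same pool with the confusable characters removed.
READABLE = "".join(c for c in FULL if c not in CONFUSABLE)


def entropy_bits(length, alphabet):
    """Entropy of a uniformly random password of `length` symbols."""
    return length * math.log2(len(set(alphabet)))


def min_length(target_bits, alphabet):
    """Shortest length whose entropy is at least `target_bits`."""
    return math.ceil(target_bits / math.log2(len(set(alphabet))))


def generate(length, alphabet=READABLE):
    """Draw each symbol independently from a CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def compare(length=14):
    """Summarise the trade-off for a password of the given length."""
    full = entropy_bits(length, FULL)
    readable = entropy_bits(length, READABLE)
    return {
        "full_bits": round(full, 2),
        "readable_bits": round(readable, 2),
        "bits_lost": round(full - readable, 2),
        # Length needed with the readable pool to match the full pool.
        "length_to_match": min_length(full, READABLE),
    }


if __name__ == "__main__":
    print(compare(14))
    print(generate(15))
```

Dropping nine symbols from a 94-symbol pool costs about two bits at 14 characters, which one additional character more than recovers.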