Windows LAPS updates password three times in a week

 Oct 25 2023

We have a user device which resets the LAPS password three times a week while the policy is set to reset every 365 days.

The current LAPS policy is configured as follows:
Policy source: CSP
Backup directory: Azure Active Directory
Local administrator account name: local.adm
Password age in days: 365
Password complexity: 3
Password length: 12
Post authentication grace period (hours): 24
Post authentication actions: 0x1

The password updates when the event log shows the following:

The post-authentication grace period has expired per policy. The configured post-authentication actions will now be executed.
Account name: Local.adm
Account RID: 0x3E9

How can we fix this and stop the password from being reset?

Comments
Microsoft

@harrys80 ,

 

Based on the data you've presented, I would guess that you have some automation in your environment that is regularly retrieving the password and performing an authentication to the managed device, which is then triggering a now+24 hours post-authentication-action-initiated password reset.  

 

The PAA feature is actually on-by-default, so you have to explicitly disable it in order to keep this from happening.   You can do that by setting the grace period to zero (0) hours.  Please try that?

Alternatively, if it is unexpected that any authentication of the LAPS-managed account is happening, you might want to investigate why that is happening.

 

Please PM if you have further questions - I am going to close this issue out since it's more of a support issue than a feature request.

 

thanks,

Jay

Microsoft
Status changed to: Completed
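
For the investigation suggested in the reply, the following is an added example (not part of the thread and not Microsoft's code) that pairs each "grace period has expired" LAPS event with the logons of the managed account in the preceding grace window, so the source of the authentication can be identified. It assumes the standard `Microsoft-Windows-LAPS/Operational` channel and Security event 4624 as the live data sources; the function names, the 30-minute slack and the sample records are constructed for illustration.

```powershell
# Added example. Sample records are constructed so the script runs offline.
function Find-LapsPaaTrigger {
    param(
        [object[]]$LapsEvents,    # needs TimeCreated, Message
        [object[]]$LogonEvents,   # needs TimeCreated, TargetUserName, LogonType, IpAddress
        [string]$Account = 'local.adm',   # managed account name from the policy
        [int]$GraceHours = 24,            # post-authentication grace period from the policy
        [int]$SlackMinutes = 30           # assumption: tolerance for scheduling delay
    )
    $expired = $LapsEvents | Where-Object {
        $_.Message -like '*post-authentication grace period has expired*'
    }
    foreach ($e in $expired) {
        # Any logon that started the grace timer lies in this window before the expiry event.
        $from = $e.TimeCreated.AddHours(-$GraceHours).AddMinutes(-$SlackMinutes)
        $logons = @($LogonEvents | Where-Object {
            $_.TargetUserName -eq $Account -and      # -eq is case-insensitive
            $_.TimeCreated -ge $from -and $_.TimeCreated -lt $e.TimeCreated
        } | Sort-Object TimeCreated)
        [pscustomobject]@{
            GraceExpired = $e.TimeCreated
            LogonCount   = $logons.Count
            Logons       = $logons | Select-Object TimeCreated, LogonType, IpAddress
        }
    }
}

# Flatten a Security 4624 record into the shape used above.
function ConvertFrom-LogonEvent {
    param([Parameter(ValueFromPipeline)]$Record)
    process {
        $d = @{}
        ([xml]$Record.ToXml()).Event.EventData.Data | ForEach-Object { $d[$_.Name] = $_.'#text' }
        [pscustomobject]@{ TimeCreated = $Record.TimeCreated; TargetUserName = $d.TargetUserName
                           LogonType = $d.LogonType; IpAddress = $d.IpAddress }
    }
}

# Constructed sample: one network logon 24 hours before the expiry, one older logon outside the window.
$t    = [datetime]'2023-10-24T09:00:00'
$laps = @([pscustomobject]@{ TimeCreated = $t.AddHours(24)
          Message = 'The post-authentication grace period has expired per policy.' })
$sec  = @([pscustomobject]@{ TimeCreated = $t; TargetUserName = 'Local.adm'; LogonType = 3; IpAddress = '192.0.2.10' },
          [pscustomobject]@{ TimeCreated = $t.AddHours(-40); TargetUserName = 'Local.adm'; LogonType = 2; IpAddress = '-' })
Find-LapsPaaTrigger -LapsEvents $laps -LogonEvents $sec | Format-List

# Live use on the affected device (elevated session):
# $laps = Get-WinEvent -LogName 'Microsoft-Windows-LAPS/Operational'
# $sec  = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624 } | ConvertFrom-LogonEvent
```

A logon type of 3 (network) from the same address on every reset points at automation rather than an interactive sign-in.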