Blog Post

Windows IT Pro Blog
4 MIN READ

By popular demand: Windows LAPS available now!

JaySimmons's avatar
JaySimmons
Icon for Microsoft rankMicrosoft
Apr 11, 2023
Welcome to the new and improved Windows LAPS! That's Local Administrator Password Solution. We've been listening to your feedback and requests, and the day is finally here for both cloud and on-premi...
Updated Nov 09, 2023
Version 7.0
security
servicing and updates
JaySimmons's avatar
JaySimmons
Icon for Microsoft rankMicrosoft
Apr 25, 2023

Hi Alban1998 

 

>>many thanks for all the hard work you put into this (I understand you are the PM for this new feature ?).

 

Thanks!  With respect to the new Windows LAPS client, I pretty much did everything (design, develop, test, document, ship, evangelize, make videos, answer forum questions, etc) to get it out the door and into your hands. I also wrote the initial version of the Azure endpoint that was added to support Windows LAPS.  I should add, I definitely had a ton of design and code review help behind the scenes - but any bugs are my responsibility. Regrettably I am only human and we are working hard to fix all reported issues. Finally, I never worry about my title but right now I am a labelled a Principal Software Engineer.

 

>>It has been years since we didn't see added value to Active Directory-related features.

 

Agreed.

 

>>Could you please confirm if Windows LTSC versions (latest is 2021, based on 21H2 image) will support this new LAPS or not ?

>>LTSC have a very specific support lifecycle, and are supposed to trade new features for longer support lifeycle. LAPS being a security feature, there is a bit of confusion here.

>>Could you confirm Server Core support for this new feature ?

 

If the OS was listed as getting the Windows LAPS update, and is in support and receives regular patches via Windows Update (LTSC or otherwise), it will support Windows LAPS.   

 

To your LTSC question:   Microsoft feels very strongly about the security benefits of Windows LAPS, hence the decision to backport it to multiple platforms including LTSC editions.  Having been personally involved in investigating more than one security exploit report related to the legacy LAPS clear-text password storage design (eg due to inadvertent weak ACLs, etc), I personally agree that this was the right call (ie I am mainly referring to the AD password encryption feature, but backing up passwords to Azure is certainly just as good for AADJ machines).

 

>>Do you have any plan to update Active Directory Administrative Center, and especially Windows Admin Center to support this new feature ?

 

There are no confirmed plans at this point to add Windows LAPS support to either one of these tools. I would agree with you that it makes a lot of sense to update WAC which would provide us with a modern centralized management experience, with a strong team behind it.  But as I said, no plans can be confirmed at this time.

 

Jay