Forum Discussion
LAPS Intune policies
So it seems that there are legacy LAPS policies (via Configuration/Policies/New/Windows 10/Settings catalog, search for LAPS = Administrative templates/LAPS).
Well, I did configure them & added my device group.
Then I realized that it is NOT this LAPS I need (by then quite a few devices had got the policy).
I unlinked the group, deleted this policy & created a NEW LAPS policy via Endpoint Security/Account Protection/Create policy/Windows/Windows LAPS.
Here I can set up new settings (especially Password Complexity = Passphrase).
While lots of my devices get the local admin password reset to the correct Passphrase, there are quite a few that have a complex password (leftover from the previous attempt?).
No matter what I do, I cannot get this local admin password changed to Passphrase.
Any idea how to get ALL the local admin passwords to be in the same format?
Thanks
Seb
4 Replies
- Bogdan_Guinea (Steel Contributor)
For the LAPS CSP and PasswordComplexity, you do have a "Delete, Replace" under the description framework properties; see the link below:
So, I would create a new group for those with the old passwords, exclude them from your current policy, and if everything goes well, redeploy them later with the new LAPS passphrase policy.
Try it first on a test machine or on only 1 or 2 devices.
Good luck!
- SebCerazy (Iron Contributor)
Quite tricky to find which machines are affected (unless there is a report available to pull all local admin passwords, so I can easily sort it).
- Ninten (Copper Contributor)
Hello there,
Have you tried rotating the local admin password via Intune?
https://learn.microsoft.com/en-us/intune/intune-service/remote-actions/device-rotate-local-admin-password?pivots=windows
- SebCerazy (Iron Contributor)
I did, and rotate only rotates to exactly the same format.