Revise Password Last Set logic to check local PasswordLastSet and msLAPS-PasswordExpirationTime
Hi rk-ca-2023,
Please check out the new Windows LAPS rollback-detection feature (and other new features!) that dropped in today's 26040 Canary build:
Announcing Windows 11 Insider Preview Build 26040 (Canary Channel)
This rollback-detection feature was designed with your scenario in mind - however it is based on comparing locally-persisted state (a GUID password "version") against similar new state stored in Active Directory. This new feature requires a new attribute be added to the AD schema - just re-run the new Update-LapsADSchema PowerShell cmdlet.
I obviously realize you won't be deploying a preview feature in your production environment, but I would like to hear your feedback on whether or not this feature will solve the problem that you had raised.
Thanks,
Jay