We have set Post Authentication delays to 24 hours, and as per the action setting, password should be reset again, but it doesn't happen. Can you fix this?
Also, please add the capability to create a local user within LAPS policy.
Hi @Vijay_kumar89 ,
Please PM me with more details so I can investigate your post-auth issue. Which OS platform, and more importantly, how are you triggering the auth? Also please PM me a Get-LapsDiagnostics zip file.
There is a separate feedback item on supporting creating the local user and we are looking at that.
thx,
Jay
@Jay Simmons Do the post-authentication actions only support when the Local Admin account logs in via GINA? Not when elevating via "Running as Administrator" on PowerShell/cmd/installing applications.
Hi @bt102 ,
>> Do the post-authentication actions only support when the Local Admin account logs in via GINA?
>> Not when elevating via "Running as Administrator" on PowerShell/cmd/installing applications.
Yes this is correct. We also terminate SMB sessions that were authenticated using the LAPS-managed account.
Adding the ability for post-auth actions to terminate individual processes that are running under the LAPS-managed account identity (after all interactive logon sessions are terminated) is something that we are looking at.
@Jay Simmons Thank you for the quick response on this. That is some great news. 99% of the time, we use LAPS for elevating Admin rights by "Running as Administrator" for installing or uninstalling applications.
It would be great if these are documented on the LAPS PostAuthenticationActions section under Configure policy settings for Windows LAPS | Microsoft Learn so others like myself are aware of what scenarios are supported. Have a great weekend.
@bt102 ,
I have updated the docs:
The behavior should be fully clarified now - lmk if you see anything different.
Jay
I have confirmed with Vijay offline that PAA seems to be working for him as expected, so I'm closing this feedback item as Completed. @bt102 fyi that I have filed your ask as a separate item:
thx,
Jay