Share via


LAPS updated to 6.0.1

Hello,

We released update to LAPS last week. Changes in new version:

  • Fixed bug that caused computer account not to be found by LAPS UP and LAPS Powershell in forest containing multiple domain trees, and computer account was in different domain tree than tree of forest root domain
  • Added –SchemaNotUpdated switch parameter to cmdlet Find-AdmPwdExtendedPermissions that allows running this cmdlet in AD forest that does not contain LAPS AD schema update. Previously, doing this caused „No such object found“ error, because cmdlet looked for LAPS schema attribute in AD schema
  • LAPS UI: Replaced text box for password expiration with datetime picker
  • Fixed typos and better wording in ADMX templates
  • Updated documentation

 Download location did not change, so visit Download center for download

Jiri

Comments

  • Anonymous
    July 26, 2015
    Hello! I am trying LAPS in my testing environment and May I ask some questions? :
  • What is the name of service of LAPS running in AD?
  • How can i tackle with the event ID 3 Error Could not get local Administrator account? I got this error every 5 mins and I have no idea. Thank you very much!
  • Anonymous
    July 30, 2015
    @John:
  • there is no service running on AD for LAPS - all logic is client based
  • for error 3, most likely you misconfigured name of admin account to ve managed in GPO. If you're managing built-in admin account, keep the policy "Name of admin account..." As Not configured. Only configure it when managing custom admin account Jiri
  • Anonymous
    August 05, 2015
    Hello! I am finalizing a deployment in a higher edu environment, but one bit of feedback I am getting is the confusing font type used in the LAPS UI. Its possible to confuse some letters. Would love to see a clearer font used in future updates. Thanks!

  • Anonymous
    October 29, 2015
    Hello - will this application work against machines not using English as their default language.  Having an issue where this application runs but fails on machines where the group is not named Administrators. Help!

  • Anonymous
    November 09, 2015
    @John P: Thanks for fedback, we will consider font change in future updates @CapnJax21: What are errors you're observing? Jiri

  • Anonymous
    November 09, 2015
    Basically could not find the "Administrators" group. I use a transform to deploy the msi that hardcodes the local admin account (it may be overkill).  After I commented on your blog, I searched through the other tables in the msi and found the rows that reference the local administrator group on the machine.  I retransformed the msi for all the languages I support and its now working. I haven't tried yet, but will the application resolve the Administrator group name in different languages if I do not explicity set the local admin account in the msi or is it specially looking for the group name "Administrator"?

  • Anonymous
    November 11, 2015
    Hi there, within delivered Document "LAPS_Datasheet.docx", the following is mentioned: >Extensibility: >   Solution can be extended to provide additional functionality, such as: >   - Additional encryption of password stored in AD >   - Password history >   - Web UI Where can I find further Information? Kind Regards Wolfgang

  • Anonymous
    November 20, 2015
    Is there any way to view the history of passwords a computer had?  We ran into an issue here where one of our admins performed a system restore to a point in time where the admin account password was different that what is stored in AD.  After performing the restore, they also lost the trust relationship to the domain so they were stuck and needed to reimage which costs them alot of time and money...

  • Anonymous
    December 13, 2015
    @Jiri - I'm looking for the ability to retrieve the history of passwords for a system.  Can you point me in the right direction to that?  

  • Anonymous
    December 14, 2015
    more info - I'm using the 'free' version from Microsoft's Download center - does that not have the history builtin?  I found the ps script (Get-AdmPwdPassword -ComputerName mycomputername -includehistory) but it can't parse the includehistory parameter.  Any help would be appreciated. I also opened up a Premier Support ticket with Microsoft.  Took a while to explain to them what LAPS is!

  • Anonymous
    May 13, 2016
    The comment has been removed

    • Anonymous
      May 23, 2016
      @Melissa: I haven't tested on TP5 yet. I'll look at it in next few days and let you knowThanks,Jiri
    • Anonymous
      May 24, 2016
      Just tested on TP5 server provisioned in Azure. Result:ipmo admpwd.psUpdate-AdmPwdADSchemaOperation DistinguishedName Status--------- ----------------- ------AddSchemaAttribute cn=ms-Mcs-AdmPwdExpirationTime,CN=Schema,CN=Configuration,DC=t... SuccessAddSchemaAttribute cn=ms-Mcs-AdmPwd,CN=Schema,CN=Configuration,DC=tstforest,DC=com SuccessModifySchemaClass cn=computer,CN=Schema,CN=Configuration,DC=tstforest,DC=com SuccessI would guess there's something wrong in your environment?Thank you,Jir