Tagged: H
- This topic has 2 replies, 3 voices, and was last updated 4 years, 8 months ago by
Jörgen Nilsson.
- AuthorPosts
- Tue, Sep 5 2017 at 7:13 pm #246557
Hi
Im testing LAPS in our network. So far im understanding most of how it works
One thing Im concerned about is after re-imaging a “LAPS” computer – which is a computer who had laps already working perfectly before is not updating the password after a re-image
As soon as the imaging is complete on the computer I have checked and confirmed:
Its getting the GPO
its on the right OU
The LAPS client is installed
issued a reboot and gpupdate
However after checking the event log – Theres no admpwd event logs at all. And the password is not changing, it is just the default administrator password that comes with our image
I am assuming the password will not re-update untill the next expire day passes?
This is a little concerning from a security point of view as the password will be our generic one untill the password Age/expire passes on re-imaged computers who were in production previously
brand new computer should be ok
- Mon, Sep 11 2017 at 9:17 am #250675
This is just a wild guess, but I think each LAPS installation has its own GUID. Thus, you should deploy your image without LAPS client and then install the client afterwards through Group Policy or with your software deployment solution.
Let us know if you figured it out.
- Mon, Sep 25 2017 at 12:44 pm #266023
Hi,
You are correct, you need to clear the ms-MCS-AdmPwdExpirationTime value for the client during reinstall. Here is post that explains it and a script that you can run during OSD.
regards,
Jörgen
- AuthorPosts
- You must be logged in to reply to this topic.