This topic is resolved

Share

Tagged: 

This topic contains 2 replies, has 3 voices, and was last updated by  Jörgen Nilsson 1 month, 3 weeks ago.

  • Author
    Posts
  • #246557
     Patrick 
    Participant
    • Topics: 1
    • Replies: 0
    Member Points: 67

    Hi

    Im testing LAPS in our network. So far im understanding most of how it works

    One thing Im concerned about is after re-imaging a “LAPS” computer – which is a computer who had laps already working perfectly before is not updating the password after a re-image

    As soon as the imaging is complete on the computer I have checked and confirmed:

    Its getting the GPO

    its on the right OU

    The LAPS client is installed

    issued a reboot and gpupdate

    However after checking the event log – Theres no admpwd event logs at all. And the password is not changing, it is just the default administrator password that comes with our image

    I am assuming the password will not re-update untill the next expire day passes?

    This is a little concerning from a security point of view as the password will be our generic one untill the password Age/expire passes on re-imaged computers who were in production previously

    brand new computer should be ok

    0
  • #250675
     Michael Pietroforte 
    Keymaster
    • Topics: 138
    • Replies: 330
    Post count: 1019
    Member Points: 6,750

    This is just a wild guess, but I think each LAPS installation has its own GUID. Thus, you should deploy your image without LAPS client and then install the client afterwards through Group Policy or with your software deployment solution.

    Let us know if you figured it out.

    0
  • #266023
     Jörgen Nilsson 
    Participant
    • Topics: 0
    • Replies: 1
    Post count: 2
    Member Points: 209

    Hi,

    You are correct, you need to clear the ms-MCS-AdmPwdExpirationTime value for the client during reinstall. Here is post that explains it and a script that you can run during OSD.

    LAPS and machine reinstalls

    regards,
    Jörgen

    1+

    Users who have liked this topic:

    • avatar

You must be logged in to reply to this topic.

CONTACT US

Please ask IT administration questions in the forum. Any other messages are welcome.

Sending
© 4sysops 2006 - 2017

Log in with your credentials

or    

Forgot your details?

Create Account