Viewing 2 reply threads
  • Author
    • #246557
      Member Points: 67
      Rank: 1


      Im testing LAPS in our network. So far im understanding most of how it works

      One thing Im concerned about is after re-imaging a “LAPS” computer – which is a computer who had laps already working perfectly before is not updating the password after a re-image

      As soon as the imaging is complete on the computer I have checked and confirmed:

      Its getting the GPO

      its on the right OU

      The LAPS client is installed

      issued a reboot and gpupdate

      However after checking the event log – Theres no admpwd event logs at all. And the password is not changing, it is just the default administrator password that comes with our image

      I am assuming the password will not re-update untill the next expire day passes?

      This is a little concerning from a security point of view as the password will be our generic one untill the password Age/expire passes on re-imaged computers who were in production previously

      brand new computer should be ok

    • #250675
      Michael Pietroforte
      Member Points: 37,155
      Author of the year 2018
      Rank: 4

      This is just a wild guess, but I think each LAPS installation has its own GUID. Thus, you should deploy your image without LAPS client and then install the client afterwards through Group Policy or with your software deployment solution.

      Let us know if you figured it out.

    • #266023
      Jörgen Nilsson
      Member Points: 519
      Rank: 2


      You are correct, you need to clear the ms-MCS-AdmPwdExpirationTime value for the client during reinstall. Here is post that explains it and a script that you can run during OSD.

      LAPS and machine reinstalls


Viewing 2 reply threads
  • You must be logged in to reply to this topic.
© 4sysops 2006 - 2022


Please ask IT administration questions in the forums. Any other messages are welcome.


Log in with your credentials


Forgot your details?

Create Account