
A few weeks ago, Microsoft announced the availability of Windows LAPS (Local Administrator Password Solution) via Patch Tuesday. This feature is also available on Windows 10, Windows 11 and Servers.
Since its release, though, Microsoft has confirmed interoperability issues with legacy LAPS. When legacy LAPS (the MSI package) is installed on machines with the latest Patch Tuesday updates, both legacy LAPS and the newer Windows LAPS break. Typically, event ID 10031 or 10032 is logged with the message “LAPS blocked an external request that attempted to modify the password of an existing managed account.”
As promised, Microsoft has announced that it fixed these issues in the latest Windows 11 non-security preview updates. The fix is available for both Windows 11 21H2 (KB5025298) and Windows 11 22H2 (KB5025305).
The announcement reads:
This update fixes an issue that affects the legacy Local Administrator Password Solution (LAPS) and the new Windows LAPS feature. They fail to manage the configured local account password. This occurs when you install the legacy LAPS .msi file after installing the April 11, 2023 Windows Update on machines that have a LAPS policy.
In related news, a simple, unofficial third-party GUI tool is now available for querying passwords and other related tasks, and it claims to work well with both legacy and Windows LAPS. You can get details about it in this article.