Microsoft warns of compatibility issues with new Windows LAPS and Legacy LAPS
Microsoft has issued a warning about compatibility issues that can interfere with the new Windows LAPS and Legacy LAPS.
A few days ago, the company released the KB5025239 update for Windows 11 which, among other things, saw the arrival of the new Windows Local Administrator Password Solution (LAPS). The introduction of a new LAPS means that the previous system is now referred to as legacy LAPS.
Acknowledging the problems which users have been experiencing, Microsoft says: "The April 11, 2023 update has two potential regressions related to interoperability with legacy LAPS scenarios. Please read the following to understand the scenario parameters plus possible workarounds".
The company goes on to share details of the first issue:
If you install the legacy LAPS CSE on a device patched with the April 11, 2023 security update and an applied legacy LAPS policy, both Windows LAPS and legacy LAPS will enter a broken state where neither feature will update the password for the managed account. Symptoms include Windows LAPS event log IDs 10031 and 10033, as well as legacy LAPS event ID 6. Microsoft is working on a fix for this issue.
While a proper fix is being developed, two possible workarounds are suggested:
a. Uninstall the legacy LAPS CSE (result: Windows LAPS will take over management of the managed account)
b. Disable legacy LAPS emulation mode (result: legacy LAPS will take over management of the managed account)
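A read-only symptom check for the first issue, added here as an example and not taken from Microsoft or from this article: it searches the event logs for the three event IDs quoted above. The channel name `Microsoft-Windows-LAPS/Operational` and the legacy provider name `AdmPwd` in the Application log are assumptions, as they are not stated in the article.

```powershell
# Added example. Event IDs come from the article; the channel and provider
# names are assumptions (not stated in the article).
$since = [datetime]'2023-04-11'   # date of the update named in the article

$queries = @(
    @{ Name   = 'Windows LAPS'
       Filter = @{ LogName = 'Microsoft-Windows-LAPS/Operational'
                   Id = 10031, 10033; StartTime = $since } },
    @{ Name   = 'Legacy LAPS'
       Filter = @{ LogName = 'Application'; ProviderName = 'AdmPwd'
                   Id = 6; StartTime = $since } }
)

$hits = foreach ($q in $queries) {
    try {
        Get-WinEvent -FilterHashtable $q.Filter -ErrorAction Stop |
            Select-Object @{ n = 'Feature'; e = { $q.Name } },
                          TimeCreated, Id,
                          @{ n = 'Message'; e = { ($_.Message -split "`r?`n")[0] } }
    }
    catch {
        # "No matching events" is the healthy case; anything else (for example
        # a missing channel or provider on this build) is worth surfacing.
        if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') {
            Write-Warning "$($q.Name): $($_.Exception.Message)"
        }
    }
}

$features = @($hits | Select-Object -ExpandProperty Feature -Unique)

if ($features.Count -eq 0) {
    Write-Output 'No LAPS symptom events (10031, 10033, legacy 6) since 2023-04-11.'
}
else {
    $hits | Sort-Object TimeCreated | Format-Table -AutoSize -Wrap
    if ($features.Count -eq 2) {
        Write-Warning 'Both Windows LAPS and legacy LAPS logged symptom events; this matches the broken state described above.'
    }
}
```

The script only reads logs and changes nothing on the device.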
Describing the second issue, Microsoft says:
If you apply a legacy LAPS policy to a device patched with the April 11, 2023 update, Windows LAPS will immediately enforce\honor the legacy LAPS policy, which may be disruptive (for example if done during OS deployment workflow). Disable legacy LAPS emulation mode may also be used to prevent those issues.
More information is available in this Microsoft support documentation.