
Microsoft: Windows LAPS is incompatible with legacy policies
2023-04-13 19:13

Microsoft is investigating an interoperability bug between the recently added Windows Local Administrator Password Solution feature and legacy LAPS policies.

Windows LAPS helps admins manage passwords for local administrator accounts on Azure Active Directory-joined or Windows Server Active Directory-joined devices by automatically rotating and backing them up to AD domain controllers.

During this month's Patch Tuesday, Microsoft announced the integration of Windows LAPS on Windows 10, Windows 11, and Windows Server 2019 or newer releases.

Days after the announcement, the company confirmed reports that applying the April 2023 updates will break both legacy LAPS and the newly launched Windows LAPS.

"There is a legacy LAPS interop bug in the [.] April 11, 2023 update. If you install the legacy LAPS GPO CSE on a machine patched with the April 11, 2023 security update and an applied legacy LAPS policy, both Windows LAPS and legacy LAPS will break," Microsoft explains.

"Symptoms include Windows LAPS event log IDs 10031 and 10032, as well as legacy LAPS event ID 6. Microsoft is working on a fix for this issue."
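To check a machine for the symptoms quoted above, the following PowerShell sketch queries both event sources and reports whether they appear together. It is an added example, not code from Microsoft or the original article; the log name `Microsoft-Windows-LAPS/Operational`, the legacy provider name `AdmPwd` in the Application log, and the 14-day look-back window are assumptions not stated on this page.

```powershell
# Added example: look for the LAPS interop symptoms on the local machine.
# Assumed (not from the article): log/provider names and the look-back window.
$since = (Get-Date).AddDays(-14)

$queries = @(
    @{ Name   = 'Windows LAPS'
       Filter = @{ LogName = 'Microsoft-Windows-LAPS/Operational'
                   Id = 10031, 10032; StartTime = $since } },
    @{ Name   = 'Legacy LAPS'
       Filter = @{ LogName = 'Application'; ProviderName = 'AdmPwd'
                   Id = 6; StartTime = $since } }
)

# @() guarantees an array even when nothing matches.
$hits = @(foreach ($q in $queries) {
    try {
        Get-WinEvent -FilterHashtable $q.Filter -ErrorAction Stop |
            Select-Object @{ n = 'Source';  e = { $q.Name } },
                          TimeCreated, Id,
                          @{ n = 'Message'; e = { ($_.Message -split "`r?`n")[0] } }
    }
    catch {
        # "No matching events" is the healthy case; anything else (missing log,
        # unregistered provider, access denied) is surfaced as a warning.
        if ($_.FullyQualifiedErrorId -notmatch 'NoMatchingEventsFound') {
            Write-Warning "$($q.Name): $($_.Exception.Message)"
        }
    }
})

$hits | Sort-Object TimeCreated | Format-Table -AutoSize -Wrap

$newLaps    = $hits.Source -contains 'Windows LAPS'
$legacyLaps = $hits.Source -contains 'Legacy LAPS'

if ($newLaps -and $legacyLaps) {
    Write-Output 'Both symptom sets present: consistent with the legacy LAPS interop bug.'
} elseif ($newLaps -or $legacyLaps) {
    Write-Output 'Only one symptom set present: review the events listed above.'
} else {
    Write-Output "No matching LAPS error events since $since."
}
```

Run it from an elevated PowerShell session on the affected device; a warning about a missing provider or log simply means that LAPS variant is not installed there.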

Microsoft says LAPS is now natively integrated into Windows as an inbox feature and will undergo maintenance through the standard Windows patching processes.


News URL

https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-laps-is-incompatible-with-legacy-policies/