Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 13 Next »

Environment

Windows Platform as a Service

Local Administrator Password Solution

Each Windows Platform as a Service device is configured with a unique local administrator password. These passwords are periodically changed and stored in Active Directory using Microsoft’s Local Administrator Password Solution (LAPS). Windows Platform as a Service customers can use LAPS tools to retrieve the local administrator password of a device when needed.

  • The Local Administrator Password Solution (LAPS) can be accessed in 3 ways:

    • Contact Tier 3 in the #its-miworkspace-win-tier3 Slack channel

    • Open a Powershell window as your PaaS workstation admin account.
      Run the following command:

      Get-LapsADPassword -Identity <computer name>
    • Launch ADUC using your PaaS OUAdmin account on any Server OS version 2019 or newer, Win 10 22H2, or any Win 11 machine joined to the UMROOT domain.

      • The euc-admints02 terminal server, which can be accessed using your PaaS OUAdmin account, can be used for this purpose.

  • The LAPS content and functionality, which used to be in LAPS UI, is now available in the LAPS tab of the AD computer object properties.

screenshot of LAPS tab on computer object in ADUC

Issues/Known Problems:

  • Machines may still rely on their old LAPS password until their group policy is updated with the new LAPS.

  • The new LAPS does not use the “LAPS UI”. Once a machine is using the new LAPS, the legacy LAPS UI will still show the last legacy password but it will no longer work to login on the machine. The new LAPS password recovery process must be used instead.

  • No labels