LAPS now has passphrases, better readability & more

LAPS in Canary Channel gets rollback detection and other improvements

Reading time icon 2 min. read


Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more

laps improvements windows 11

Windows LAPS is a feature that automatically manages and backs up passwords of local administrator accounts.

With the latest Windows 11 Insider Preview Build 26040 this feature was enhanced with some new features, so let’s take a closer look at them, shall we?

Automatic account management and other improvements are now available in LAPS

New automatic account management

With this new change, users can now configure LAPS to automatically create a managed local account. Additional features include:

  • The ability to set the name of the account as well as support for randomization.
  • Improved integration with local account management policies.
  • Ability to quickly enable or disable the account.

Improved password readability

Thanks to the changes to the PasswordComplexity setting, you can generate passwords that are less confusing to type.

By setting its value to 5, certain characters that are hard to distinguish won’t be used anymore thus improving password readability.

It’s also worth noting that the LAPS tab now uses a different font that is easier to read, thus minimizing the chance of any confusion.

Passphrase support is now available

LAPS can now generate passphrases that might be easier for users to remember than traditional passwords.

You can now configure the PasswordComplexity policy and choose between long words, short words with unique prefixes, and short words for your passphrase. Of course, you can also set how many words the passphrase will use.

It’s also worth mentioning that the passphrase feature is supported when backing up passwords to Windows Server Active Directory or Microsoft Entra ID.

Image rollback detection feature

LAPS can now detect when an image rollback occurs and it can prevent issues with Active Directory not matching the password hash that is stored locally on the device.

To prevent this, there’s now an Active Directory attribute msLAPS-CurrentPasswordVersion added to the Windows LAPS schema that checks the stored hash values to the local copies.

This feature isn’t available by default, and to enable it users need to run the latest version of Update-LapsADSchema PowerShell cmdlet.

This new build brings some much-needed improvements to LAPS that should make password and user management simpler than before.

Besides LAPS improvements, the new build brings a redesigned Windows Setup Experience as well as support for 80Gbps USB, so don’t miss it.

More about the topics: LAPS, Windows Insider Program

User forum

0 messages