📢 Windows 11 Build 25145 adds 'Local Administrator Password Solution', LAPS

Microsoft releases Windows 11 Build 25145 to the Windows Insiders that adds Local Administrator Password Solution to it. - Story published by Kunal Chowdhury on , and was last updated on 2022-09-02T01:22:51Z.

Follow us on:    Twitter  |  Mastodon  |  Facebook  |  WhatsApp  |  Telegram  |  Google News

Microsoft releases a new Windows 11 build to the Windows Insiders in the Dev (Preview) Channel. The latest update comes as "Windows 11 Insider Preview Build 25145.1000", and contains plenty of new features and improvements along with several bug fixes.


One of the highlights of this build is the inclusion of "Local Administrator Password Solution (LAPS)", whereas the other is "OneDrive storage alert and subscription management in Settings". To know more about LAPS (Local Administrator Password Solution) in Windows 11, continue reading further.


Windows 11 Build 22145 adds 'Local Administrator Password Solution', LAPS


Windows 11 Build 25145 gets native support for the legacy Local Administrator Password Solution product (aka “LAPS”)

The "Local Administrator Password Solution" (LAPS) provides management of local account passwords of domain joined computers. Passwords are stored in Active Directory (AD) and protected by ACL, so only eligible users can read it or request its reset.


The latest update of Windows 11 Dev (Preview) build 25145.1000 for the Windows Insiders comes with the native support for the legacy Local Administrator Password Solution (LAPS) and includes several new features. If you have used the legacy LAPS product, many of the features (mentioned below) in this new version of LAPS will be familiar to you.



  1. Extend your Active Directory schema by running the Update-LapsADSchema cmdlet in the new LAPS PowerShell module.
  2. Add the necessary permissions on your computer’s OU by running the Set-LapsADComputerSelfPermission cmdlet.
  3. Add a new LAPS Group Policy object and enable the “Configure password backup directory” setting and configure it to backup the password to “Active Directory”.
  4. The domain-joined client will process the policy at the next GPO refresh interval. Run “gpupdate /target:computer /force” to avoid waiting.
  5. Once the domain-joined client has backed up a new password, run the Get-LapsADPassword cmdlet to retrieve the newly stored password (by default you must be running as a domain administrator).



To get to this new Group Policy, open the Group Policy editor and navigate to Computer Configuration > Administrative Templates > System > LAPS.


The feature is fully functional for Active Directory domain-joined clients, but Azure Active Directory support is limited for now to a small set of Insiders, says Microsoft.