PasswordAgeDays and PostAuthenticationResetDelay 0/24


 Jul 12 2023
Completed

Hi there,

Would it be possible to include a feature that allows passwords to remain valid till the next rotation specified through PasswordAgeDays after they have been used?

We miss this feature from legacy LAPS. Unfortunately we cannot use it with our new Azure AD joined devices.

If we leave PostAuthenticationResetDelay unconfigured, the 24-hour cycle is really way too tight. Leaving it at 0 makes accounts unusable after authenticating till the next scheduled or manual rotation ("The password has to be changed before this account can be used").

Cheers

Comments
Microsoft

Hi @FeroG440,

I think you may be combining two distinct issues.

The first issue I think you are describing is that the password is rotated for the LAPS-managed account immediately after auth when ResetDelay=0? I cannot repro that behavior.

The second issue I think you are describing is a known bug where if the password for the LAPS-managed account is older than the local device's MaximumPasswordAge policy, attempted authentication results in the pwd-must-be-changed error.

As I said, I can't repro the first issue as described. Please feel free to PM me with more details on that if I've misunderstood.

I am working on a fix for the second issue and we will be shipping that to all supported platforms relatively soon (I can't say at this time when the fix will ship).

thx,

Jay

Microsoft
Status changed to: Working on it
 
Copper Contributor

Hello @Jay Simmons,

Thank you a lot for your answer and time.

I will write down each step to reproduce the issue I was writing about. I will keep this updated.

Microsoft

@FeroG440 - any updates on the repro steps?

Microsoft
Status changed to: Needs more info
 
Microsoft

@FeroG440 - please let me know if you have some new info on this. I plan to close this issue out soon (but you can always PM if needed).

Microsoft
Status changed to: Completed
 
Microsoft

@FeroG440 - didn't hear back from you so I am marking this completed. Feel free to PM me if you come up with some more data or repro steps.