Windows 11 Insider Preview Build 25145 supports LAPS

Windows[German]Microsoft has released a new Windows 11 Insider Preview build 25145 in the Dev Channel as of June 22, 2022 – the announcement can be found on the Windows blog. This build includes some new features, including an update for Narrator Braille driver support, OneDrive storage warning and subscription management in Settings, and the Local Administrator Password (LAPS) solution. In addition, the issue of Surface Pro X devices displaying a black screen when they enter sleep mode has also been fixed.


OnDrive storage warning

One new feature in this Insider build is the OneDrive storage warning. With this build, Microsoft has started enabling OneDrive Standalone 100GB subscriptions on the account page in settings, similar to Microsoft 365 subscriptions. This will allow users to view your recurring billing, payment method and OneDrive storage usage in Windows 11. Also, users will be notified on the same page when you are approaching or exceeding your OneDrive storage limit.

OneDrive memory warning

Local Administrator Password Solution (LAPS)

For enterprise administrators integrating Windows 11 machines into domains, however, another new feature should be of interest. Local Administrator Password Solution (LAPS) is now a native part of Windows and includes many new features.

LAPS in Windows 11

Local Administrator Password Solution (LAPS) was available as a download and provides management of local account passwords from computers joined to the domain. Passwords are stored in Active Directory (AD) and protected by ACL so that only authorized users can read them or request their reset.


Documentation of the features in Windows 11 is not yet available, but Microsoft provides a brief guide to help get you started in the basic scenario of an Active Directory domain-joined client. The description states:

  • Extend your Active Directory schema by running the Update-LapsADSchema cmdlet in the new LAPS PowerShell module.
  • Add the required permissions for your computer's OU by running the Set-LapsADComputerSelfPermission cmdlet.
  • Add a new LAPS Group Policy object, enable the Configure Password Backup Directory setting, and configure it to back up the password to Active Directory.
  • The domain-joined client will process the policy at the next GPO update interval. Run "gpupdate /target:computer /force" to avoid waiting. (The Invoke-LapsPolicyProcessing cmdlet can be used for the same purpose).
  • Once the client connected to the domain has saved a new password (look for event 10018 in the event log – see screenshot below), run the Get-LapsADPassword cmdlet to retrieve the newly saved password (by default, you must be running as the domain administrator).

To get to this new group policy, go to the Group Policy Editor in Windows 11. The options can be found under Computer Configuration > Administrative Templates > System > LAPS. Details can be found in the announcement on the Windows blog.

Cookies helps to fund this blog: Cookie settings


This entry was posted in Windows and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *