4 Ways to Rotate Local Admin Password using Intune
A comprehensive guide covering multiple methods to rotate the managed local administrator password on Windows 10/11 devices when using Windows LAPS.
In this tutorial, we’ll cover different methods to rotate the local admin password using Intune on Windows 10/11 devices. Rotating the admin account password means changing or resetting the password of the managed local administrator account.
You can rotate the admin account passwords in Intune after you have set up the Windows LAPS policy for Windows devices. This can be done manually when required, or you can configure the admin password rotation schedule in the LAPS Policy.
In our previous article, we showed you the steps to implement LAPS with Intune. If you are new to LAPS and want to enable and configure it using Intune, this guide is the best way to get started.
Why should you rotate the admin account passwords?
The primary goal of rotating the admin account password is to shorten the lifespan of the password, reducing vulnerability to password-based attacks and exploits.
Any organization that uses the administrator account to perform administrative tasks should consider changing the passwords regularly.
That’s why Windows LAPS is so secure and beneficial for organizations, helping rotate the passwords regularly and setting complex passwords for admin accounts.
While there is no fixed rule on how often you should rotate the password, most organizations change the admin passwords every 30–60 days. The periodic password rotation can minimize the window of opportunity for cybercriminals to take advantage of a Windows system, even if the administrator account password of the device is stolen or exposed at some point.
Ways to rotate the LAPS local admin password
Listed below are some methods that can be used to rotate the LAPS local admin password on Windows devices:
Manually rotate the admin password from Intune admin center
Use Reset-LapsPassword PowerShell cmdlet to reset the admin account password
Use OMA-URI Settings to rotate admin account password
Rotate the local admin password using Windows LAPS
Permissions required to rotate admin password
To use the Intune admin center to view or change a local admin account password on a Windows device, your account must be assigned the following Intune permissions:
Managed devices: Read (view Intune managed devices)
Organization: Read (view tenant settings such as device categories and Exchange Connectors)
Remote tasks: Rotate Local Admin Password
To view or rotate the administrator account password, your account must have one of the following Microsoft Entra permissions:
microsoft.directory/deviceLocalCredentials/password/read
microsoft.directory/deviceLocalCredentials/standard/read
You can create a custom role in Intune and Entra ID that can grant these permissions, which will be covered in the later section of this article.
Method 1: Rotate Local admin password using Intune admin center
Independent of the LAPS Policy’s set rotation schedule, you can rotate an admin password by using the device action “Rotate local admin password” in the Intune admin center.
Use the following steps to rotate the Windows LAPS admin password in the Intune admin center:
Sign in to the Microsoft Intune admin center.
Go to Devices > All devices, and select the Windows device with the account you want to rotate.
Click on the three dots on the top menu of options, and then select “Rotate local admin password.”
The following message is displayed when you initiate the rotate local admin password device action in the Intune admin center.
Shortly, a notification “Rotate local admin password initiated” appears in the top-right corner of the Intune admin center. That completes the procedure to manually initiate the admin account password rotation from Intune.
Note: When a password is rotated for an account on demand, the time to the next scheduled password rotation is reset. The time to the next scheduled rotation is managed through the PasswordAgeDays setting in the LAPS policy.
Monitor Account Password Rotation in Intune
After you initiate the admin account password rotation for a Windows device in Intune, the device details pane displays the banner “Rotate local admin password pending.” This means the admin password is being rotated for the selected Windows device. The device action status likewise shows the action as pending.
After you confirm the intent to rotate the password, Intune initiates the process, which can take a few minutes to complete. At this point, you don’t have to restart the device because it’s not required. During our testing, it took approximately 8 minutes to successfully rotate the admin account password.
If the Windows device displays the “Rotate local admin password pending” status for a long time, make sure the remote device is online and is receiving the Intune policies. If the device isn’t online at the time of the request, it results in a failure. To troubleshoot further, perform a manual sync of the device from the Intune admin center.
If a Windows device displays the status “Rotate local admin password: Completed,” it means the admin password has been rotated successfully. Both scheduled and manual password rotation attempts result in an audit event.
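The monitoring step above can also be checked from password-expiry metadata, since an on-demand rotation moves the expiry forward by roughly PasswordAgeDays. The following PowerShell is an added example, not part of the original article: `Test-LapsRotation` is a hypothetical helper, the device names and timestamps are constructed sample data, and the 30-day PasswordAgeDays value is an assumption.

```powershell
# Added example: classify LAPS rotation state from password-expiry metadata.
# Live input (needs the deviceLocalCredentials/standard/read permission):
#   Connect-MgGraph -Scopes 'Device.Read.All','DeviceLocalCredential.ReadBasic.All'
#   $snapshot = Get-LapsAADPassword -DeviceIds 'PC-001','PC-002'
function Test-LapsRotation {
    param(
        [Parameter(Mandatory)] [object[]] $Before,  # snapshot before the device action
        [Parameter(Mandatory)] [object[]] $After,   # snapshot after it
        [int] $PasswordAgeDays = 30,                # assumption: value from your LAPS policy
        [datetime] $Now = (Get-Date)                # assumption: same time zone as the snapshots
    )
    $baseline = @{}
    foreach ($b in $Before) { $baseline[$b.DeviceName] = $b.PasswordExpirationTime }

    foreach ($a in $After) {
        $old = $baseline[$a.DeviceName]
        $new = $a.PasswordExpirationTime
        if ($new -lt $Now) { $state = 'Expired' }         # overdue: rotation has not happened
        elseif ($null -eq $old) { $state = 'NoBaseline' } # device missing from the first snapshot
        elseif ($new -gt $old) { $state = 'Rotated' }     # expiry moved forward
        else { $state = 'Pending' }                       # expiry unchanged so far

        # An on-demand rotation resets the schedule, so a fresh expiry should sit
        # about PasswordAgeDays ahead of now; a large gap suggests a different policy value.
        $daysLeft = [math]::Round(($new - $Now).TotalDays, 1)
        [pscustomobject]@{
            DeviceName     = $a.DeviceName
            State          = $state
            DaysToRotation = $daysLeft
            MatchesPolicy  = ($state -eq 'Rotated' -and [math]::Abs($PasswordAgeDays - $daysLeft) -le 1)
        }
    }
}

# Constructed sample data (not real devices).
$now = [datetime]'2024-05-01T12:00:00'
$before = @(
    [pscustomobject]@{ DeviceName = 'PC-001'; PasswordExpirationTime = [datetime]'2024-05-10T09:00:00' }
    [pscustomobject]@{ DeviceName = 'PC-002'; PasswordExpirationTime = [datetime]'2024-05-12T09:00:00' }
    [pscustomobject]@{ DeviceName = 'PC-003'; PasswordExpirationTime = [datetime]'2024-04-20T09:00:00' }
)
$after = @(
    [pscustomobject]@{ DeviceName = 'PC-001'; PasswordExpirationTime = [datetime]'2024-05-31T11:52:00' }
    [pscustomobject]@{ DeviceName = 'PC-002'; PasswordExpirationTime = [datetime]'2024-05-12T09:00:00' }
    [pscustomobject]@{ DeviceName = 'PC-003'; PasswordExpirationTime = [datetime]'2024-04-20T09:00:00' }
)
Test-LapsRotation -Before $before -After $after -PasswordAgeDays 30 -Now $now | Format-Table
```

Querying without `-IncludePasswords` returns only expiry metadata, so this check can run under an account that cannot read the passwords themselves.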