Knowledge base
March 09, 2025
Windows LAPS vs. Legacy LAPS: Why You Should Migrate
Managing local administrator passwords is critical to IT security. Microsoft has introduced Windows Local Administrator Password Solution (LAPS) as the successor to Legacy Microsoft LAPS, with significant improvements and new features. But what are the key differences? And why should you make the switch? In this blog, Iβll explain it to you!π
π What is Windows LAPS?
Windows LAPS is an advanced password management solution built into Windows 10, Windows 11 and Windows Server (as of the April 2023 update). It replaces the legacy Legacy LAPS and offers enhanced security, broader integration and better management optionsΒΉ.
Β
π Legacy LAPS vs. Windows LAPS β The Key Differences.
Here are the main differences between Legacy LAPS and Windows LAPS:
Β
1οΈβ£ Installation & Integration
β
Legacy LAPS: Requires a separate installation via an MSI file.
β
Windows LAPS: Is integrated directly into supported Windows versions, no additional software required! π
Β
2οΈβ£ Storage locations for passwords
β
Legacy LAPS: Storage in Active Directory only.
β
Windows LAPS: Supports both Active Directory and Azure AD, perfect for hybrid or cloud-first environments. βοΈ
Β
3οΈβ£ Encryption of passwords
β
Legacy LAPS: No encryption options.
β
Windows LAPS: Supports encryption of passwords in Active Directory, significantly improving security. π
Β
4οΈβ£ Password history
β
Legacy LAPS: No functionality for password history.
β
Windows LAPS: Maintains password history for auditing and recovery. π
Β
5οΈβ£ DSRM password management
β
Legacy LAPS: Does not support Directory Services Restore Mode (DSRM).
β
Windows LAPS: Can manage DSRM passwords on domain controllers, adding an additional layer of security. π‘οΈ
Β
6οΈβ£ Automatic actions after password use
β
Legacy LAPS: No automatic actions possible.
β
Windows LAPS: Automatic reset possible after password retrieval. π
Β
7οΈβ£ Support for migration
β
Legacy LAPS: No migration features.
β
Windows LAPS: Provides a Legacy emulation mode so organizations can easily transition. ποΈ
Β
π― Benefits of Windows LAPS
Why switch to Windows LAPS? Here are the biggest advantages:
π₯ Native integration β No separate installation required, Windows LAPS is built right into Windows!
π₯ Enhanced security β Supports encryption and password history.
π₯ Cloud-ready β Works with Azure AD, ideal for modern IT environments.
π₯ Supports DSRM password management β Additional functionality for domain controllers.
π₯ Easy migration β Legacy emulation mode helps ensure a smooth transition.
Β
β οΈ Important considerations in implementation
Before you switch, consider the following:
π¨ Legacy LAPS is being phased out β Newer Windows versions no longer support Legacy LAPS.
π¨ Side-by-side implementation is possible β But each version can only manage one password per local administrator account.
Β
π― Conclusion
Β
Windows LAPS is the future of secure password management for local administrator accounts. It offers better security, integration and management options than Legacy LAPS. Organizations still using Legacy LAPS are strongly encouraged to migrate to take advantage of the latest enhancements and security benefits. ππ
Have you switched to Windows LAPS yet?
Β
References
ΒΉhttps://learn.microsoft.com/windows-server/identity/laps/laps-overview
Β
Β
About the author
My name is Alta Martes, a specialist in Microsoft 365 and Google Workspace, with a focus on modern workplace management, cloud security and identity & access management. With years of experience, I help organizations optimize their IT infrastructure and create a secure, efficient digital workplace.
π― Need help with your Microsoft 365 strategy?
Click below and find out how we can support your organization:
Want to know more?
Related
blogs
Tech Updates: Microsoft 365, Azure, Cybersecurity & AI β Wekelijks in je Mailbox.