If you are getting the message below, you are probably still using legacy LAPS, and you are trying to install the LAPS UI on a Windows version higher than or equal to 23H2:
This app can't run on this deviceLocal Administrator Password Solution (LAPS) MicrosoftBeginning with Server 2025 and Windows 11 23H2 and later releases, Legacy LAPS has been deprecated. Installation of the Legacy LAPS MSI is blocked on the operating system. You need to enable Windows LAPS for managing local administrator account passwords. For more info, go to: https://go.microsoft.com/fwlink/?linkid=2249397.
Legacy LAPS uses Active Directory to store the LAPS password and the expiration time. It utilizes the ms-Mcs-AdmPwd and ms-Mcs-AdmPwdExpirationTime attributes from a computer object. These can be easily manipulated with PowerShell, and we can even build a GUI in Visual Studio and convert the PowerShell script to an executable.
We will also need an icon, which I encoded into a base64 string. I used Grok to generate the icon.
PowerShell code block to read LAPS details:
$computerDetails = Get-ADComputer -Identity ($ComputerName) -properties ms-Mcs-AdmPwd, ms-Mcs-AdmPwdExpirationTime | Select ms-Mcs-AdmPwd, ms-Mcs-AdmPwdExpirationTime
$LAPS_password = $computerDetails."ms-Mcs-AdmPwd"
$expirationDate = $computerDetails."ms-Mcs-AdmPwdExpirationTime"
if ($expirationDate -ge 0)
{
$expirationDate = $([datetime]::FromFileTime([convert]::ToInt64($expirationDate)))
}
$Expiration = "{0:yyyy-MM-dd HH:mm:ss}" -f [datetime]$expirationDatePowerShell code block to update the expiration to the current date and force a password renew:
$now = Get-Date
$nowFileTime = $now.ToFileTime()
try
{
Set-ADComputer -Identity ($ComputerName) -Replace @{'ms-Mcs-AdmPwdExpirationTime' = $nowFileTime}
}
catch
{
$Expiration = "Error"
}The blocks will have minor modifications to be able to update the GUI; complete code is available on GitHub.
We get the XAML code from Visual Studio for the GUI:
<Window
xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation"
xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml"
xmlns:d="http://schemas.microsoft.com/expression/blend/2008"
xmlns:mc="http://schemas.openxmlformats.org/markup-compatibility/2006"
Title="Legacy LAPS GUI" Height="220" Width="400">
<Grid>
<Label Content="Computer name" HorizontalAlignment="Left" Margin="10,6,0,0" VerticalAlignment="Top"/>
<Label Content="Password" HorizontalAlignment="Left" Margin="46,29,0,0" VerticalAlignment="Top" RenderTransformOrigin="0.502,-0.606"/>
<Label Content="Expiration date" HorizontalAlignment="Left" Margin="17,55,0,0" VerticalAlignment="Top"/>
<TextBox Name="ComputerName" HorizontalAlignment="Left" Margin="111,10,0,0" TextWrapping="Wrap" Text="" VerticalAlignment="Top" Width="260" Height="20"/>
<TextBox Name="Password" HorizontalAlignment="Left" Margin="111,33,0,0" TextWrapping="Wrap" Text="" VerticalAlignment="Top" Width="260" Height="20" IsReadOnly="True"/>
<TextBox Name="Expiration" HorizontalAlignment="Left" Margin="111,58,0,0" TextWrapping="Wrap" Text="" VerticalAlignment="Top" Width="260" Height="20"/>
<Button Name="GetPassword" Content="Get password" HorizontalAlignment="Left" Margin="17,93,0,0" VerticalAlignment="Top" Width="354" Height="35" Background="#FF0033A0" Foreground="White"/>
<Button Name="ExpirePassword" Content="Expire password" HorizontalAlignment="Left" Margin="17,133,0,0" VerticalAlignment="Top" Width="354" Height="35" Background="#FF0033A0" Foreground="White"/>
</Grid>
</Window>This is how the GUI is rendered:
The code blocks above will be functions that will be called when the buttons on the GUI are pressed. Full script is available on GitHub.
You can run it as a PowerShell script or it can be converted using ps2exe module, CLI or win-ps2exe to have a GUI for the conversion process.
Files available on GitHub.
Featured image created with Grok.
