As discussed during our call, we’ve identified that the LAPS setting is being applied through the local group policy, as confirmed by the RSoP results. However, when we checked the Local Group Policy Editor, the setting does not appear to be explicitly configured.
Additionally, we verified the registry and found that no LAPS-related keys are defined either locally or via domain GPO. This leaves us in a bit of a gray area, as we’re unsure of the actual source applying the policy — possibly a default configuration from the OS image or another mechanism.
Given this uncertainty, we’re evaluating whether applying the registry setting to disable LAPS will effectively override the current behavior. We’d appreciate any insights or recommendations you might have on how best to proceed.
Registry key for disabled LAPS: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\LAPS\Config]
"BackupDirectory"=dword:00000000
Note: I have used the attached script for LAPS verification that.
• ✅ No LAPS registry settings found — This means LAPS is not configured via registry (likely not applied via domain GPO or local GPO).
• ✅ Local Group Policy file exists — So there might be some local GPO settings, but not necessarily LAPS.
Top comments (0)