Looking Up Computer's Local Admin Password

Modified on Thu, Jan 2, 2025 at 3:37 PM

Effective 2020, IT moved away from using one standard local administrator password on each computer.  Instead, each machine now has its own random local admin password.  The password is stored in AD for reference.


Effective 2025, the LAPS password is now stored in its own tab in Active Directory.

To force a reset of the LAPS password, click Expire now, run gpupdate /force on the local machine, then refresh AD.


The user can be provided these local admin credentials in order to install/uninstall a piece of software on their own when off the VPN, e.g. Sophos Connect, when we cannot remotely access their computer.  Username will be in the format: [pc name]\ghostrider - e.g. FMHC-IT-123\ghostrider


NOTE: The local "administrator" account has been disabled for security reasons. The new local "admin" account is called "ghostrider."
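The same lookup and "Expire now" action can be scripted from an admin workstation. The following is an added example, not part of the original article: it assumes the 2025 setup is Windows LAPS with its built-in LAPS PowerShell module, and that the caller has been delegated rights to read and expire passwords for the computer's OU. The function name Get-LocalAdminCredential and its parameters are hypothetical.

```powershell
# Added example (not from the original article). Assumes the Windows LAPS
# PowerShell module is available and the caller holds delegated LAPS rights.
function Get-LocalAdminCredential {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        # Account name from this article; used only when AD does not record one.
        [string]$DefaultAccount = 'ghostrider',
        # Scripted equivalent of clicking "Expire now" on the LAPS tab.
        [switch]$ExpireNow
    )

    # -AsPlainText returns the password as a string instead of a SecureString.
    $entry = Get-LapsADPassword -Identity $ComputerName -AsPlainText -ErrorAction Stop
    if (-not $entry.Password) {
        # An empty password usually means missing read/decrypt rights,
        # or that the machine has not stored a password yet.
        throw "No readable LAPS password returned for $ComputerName."
    }

    # Account is blank for passwords stored in the older ms-Mcs-AdmPwd attribute.
    $account = if ($entry.Account) { $entry.Account } else { $DefaultAccount }

    if ($ExpireNow) {
        # With no -WhenEffective value the password is marked expired immediately.
        Set-LapsADPasswordExpirationTime -Identity $ComputerName -ErrorAction Stop | Out-Null
    }

    # Return an object rather than writing to the host, so the password does
    # not end up in transcripts or logs unless the caller displays it.
    [pscustomobject]@{
        Username        = '{0}\{1}' -f $entry.ComputerName, $account
        Password        = $entry.Password
        Source          = $entry.Source              # where AD stored the password
        LastSet         = $entry.PasswordUpdateTime
        Expires         = $entry.ExpirationTimestamp
        RotationPending = [bool]$ExpireNow
    }
}

# Example call using the sample PC name from this article.
Get-LocalAdminCredential -ComputerName 'FMHC-IT-123'
```

When -ExpireNow is used, the returned password stays valid until the machine next processes policy (the gpupdate /force step above); run the lookup again afterwards and confirm LastSet has changed.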


Old steps (2024 and earlier): In AD, find the computer in its OU (you cannot just search for it) --> right-click and select Properties --> Attribute Editor tab (you will not see this tab if you found the computer via search) --> scroll to ms-Mcs-AdmPwd to view the local admin password.




The user can be provided these local admin credentials in order to install/uninstall a piece of software on their own when off the VPN, i.e. Sophos Connect when we cannot remotely access their computer.  Username will be in the format: [pc name]\administrator - e.g. FMHC-IT-123\administrator


