Hello AL_Mitee,
Thank you for your question and for reaching out with your question today.
LAPS (Local Administrator Password Solution) is a Microsoft solution that helps organizations manage the local administrator passwords of their Windows-based computers. It generates unique passwords for each computer's local administrator account and stores them securely in Active Directory.
Regarding your scenario where devices do not allow credential caching, it's important to clarify a few points. LAPS does not rely on credential caching on individual PCs. Instead, it uses Active Directory to store and manage the passwords. When a computer requests the local administrator password, it communicates with Active Directory to retrieve the password for that specific computer.
The password retrieval process occurs when the LAPS management tool (installed on a management workstation) or the LAPS PowerShell module is used. These tools connect to Active Directory to retrieve the password stored in the computer object's attribute.
So, even if the devices do not allow credential caching on the PC itself, LAPS should still work as intended. The password is stored in Active Directory, and the LAPS management tools communicate directly with Active Directory to retrieve the password when needed.
It's worth noting that LAPS requires certain infrastructure prerequisites, such as the installation of the LAPS management tools and extension of the Active Directory schema. Additionally, the computers must have the LAPS client software installed for the password retrieval to occur successfully.
Therefore, as long as you meet the requirements for implementing LAPS and have the necessary infrastructure in place, it should work regardless of the devices' ability to cache credentials locally.
I used AI provided by ChatGPT to formulate part of this response. I have verified that the information is accurate before sharing it with you.
If the reply was helpful, please don’t forget to upvote or accept it as the answer.
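
Added example, not part of the original answer: a PowerShell check, run from a management workstation, of the prerequisites and the Active Directory retrieval path described above. It assumes legacy Microsoft LAPS (the `AdmPwd.PS` module and the `ms-Mcs-AdmPwd` attributes) plus the RSAT `ActiveDirectory` module; the OU and computer name are constructed placeholders.

```powershell
# Added example. Assumes legacy Microsoft LAPS (AdmPwd.PS) and the RSAT ActiveDirectory module.
Import-Module ActiveDirectory
Import-Module AdmPwd.PS

$SearchBase   = 'OU=Workstations,DC=example,DC=com'   # constructed placeholder OU
$ComputerName = 'PC-EXAMPLE-01'                        # constructed placeholder computer

# 1. Prerequisite: the schema must contain the LAPS password attribute.
$schemaNC = (Get-ADRootDSE).schemaNamingContext
$attr = Get-ADObject -SearchBase $schemaNC -LDAPFilter '(lDAPDisplayName=ms-Mcs-AdmPwd)'
if (-not $attr) { throw 'LAPS schema extension not found in this forest.' }

# 2. Least privilege: list every principal that can read stored passwords in the OU.
#    Anything beyond the intended helpdesk/admin groups should be reviewed.
Find-AdmPwdExtendedRights -Identity $SearchBase |
    Format-Table ObjectDN, ExtendedRightHolders -AutoSize

# 3. Coverage: a computer with no expiration time has never written a password to AD
#    (LAPS client missing or policy not applied); an expired one has stopped rotating.
$now = (Get-Date).ToFileTimeUtc()
Get-ADComputer -SearchBase $SearchBase -Filter * -Properties 'ms-Mcs-AdmPwdExpirationTime' |
    ForEach-Object {
        $exp = $_.'ms-Mcs-AdmPwdExpirationTime'
        [pscustomobject]@{
            Computer = $_.Name
            Status   = if (-not $exp)       { 'NoPasswordStored' }
                       elseif ($exp -lt $now) { 'Expired' }
                       else                   { 'Current' }
            Expires  = if ($exp) { [datetime]::FromFileTimeUtc($exp) } else { $null }
        }
    } |
    Sort-Object Status, Computer |
    Format-Table -AutoSize

# 4. Retrieval: the value is read from the computer object in AD, not from the endpoint,
#    so the endpoint's credential-caching setting plays no part in this call.
#    The returned object also carries a Password property; avoid writing it to logs.
Get-AdmPwdPassword -ComputerName $ComputerName |
    Select-Object ComputerName, DistinguishedName, ExpirationTimestamp
```

Step 4 returns an empty password for accounts that lack read rights on the attribute, which is a quick way to confirm that the delegation listed in step 2 is effective.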