Contents x
    FAQs
    • 07 Nov 2025
    • 1 Minute to read
    • Print
    • PDF
    Contents

    FAQs

    • Updated on 07 Nov 2025
    • 1 Minute to read
    • Print
    • PDF
    Article summary

    FAQs: Handling Password Complexity and Expiry in LAPS

    In Scalefusion, a Password Policy (PP) defines the rules for how strong and secure device passwords should be such as their length, use of special characters, and how often they must be changed.

    When using LAPS (Local Administrator Password Solution), these settings must align with each device’s own password policy to avoid conflicts or failed rotations. Scalefusion automatically compares both policies and applies the stronger one to maintain compliance and security.

    1. What happens if my LAPS password policy is weaker than the device’s policy?

    If the password complexity or expiry rules you’ve configured in LAPS are weaker than the ones already applied on the device, Scalefusion automatically adjusts to match the device’s stronger policy. This ensures there are no conflicts or security issues.

    2. How does Scalefusion handle password length differences?

    Scalefusion automatically reconciles differences between the password length defined in your LAPS policy and the existing password or passcode policy configured on the Scalefusion Dashboard (through a Device Profile or Compliance Policy):

    • If the LAPS password length is shorter than the existing policy, the longer password length is enforced.

    • If the LAPS password length is equal to or longer than the existing policy, the LAPS-configured length is applied.

    3. What if complex passwords are enforced differently?

    • For Windows devices: If the existing policy configured on the Scalefusion Dashboard enforces complex passwords but your LAPS policy doesn’t, Scalefusion will automatically enable the complex password requirement.

    • For macOS devices: Scalefusion compares the number of special characters required:

      • If your LAPS policy allows fewer special characters, the device’s higher requirement is applied.

      • If your LAPS policy meets or exceeds it, your configured value is used.

    4. How is password rotation frequency handled?

    Scalefusion checks the password rotation frequency in LAPS against the existing password or passcode expiry policy configured on the Scalefusion Dashboard (through a Device Profile or Compliance Policy):

    • If your LAPS rotation period is shorter, the existing expiry period is used.

    • If it’s equal or longer, the LAPS rotation frequency applies.

    5. When are these checks performed?

    These validations occur automatically whenever the password policy is updated, either manually by an Admin or through a Compliance Policy update.

    Was this article helpful?
    What's Next
    Ambitious companies around the world trust Scalefusion to secure and manage endpoints including smartphones, tablets, laptops, rugged devices, POS, and digital signages. Our mission is to make Device Management simple and effortless along with providing world class customer support.
    By Business Initiative
    Top Features
    Existing Users
    Connect With Us
    Sales and Support
    Copyright © 2023 Scalefusion. All rights reserved.