We use Application Aware Processing wherever possible. We have many networks that are firewalled and rely on VIX integration to perform this for us. We are required to adhere to Defence Security Guidelines with regard to locking down our Windows Servers. Part of this requires us to enable UAC on all servers and to also regularly change the local administrator account password.
In the past this wasn't a big issue as we could use Group Policy to change the password for the administrator account on all servers and then update the account in the Veeam Console and it would take affect on all jobs.
Microsoft have since disabled the ability to control user account passwords via Group Policy as there was a security flaw with the method. They have since released the Local Administrator Password Solution, LAPS. This has a plugin on every server that is instructed by a GPO to change the password for the local administrator account to a randomly generated value after a certain number of days. The new password is then written a new attribute on the server's computer object in Active Directory, which is only viewable to Domain Admins. Every server has a different password. This solution works really well, however, it causes issues with VIX Integration for AAIP as every server has a different administrator password.
Just wondering if anyone has any solutions they've come up with for this?
The simplest solution I can think of is to not use LAPS and use powershell scripts to change the password on every server to the same one every x number of days and then we continue to manually update Veeam. Is this the only option?