In my environment, I am trying to create two different local users for my all client pc; built-in-administrator as a backup account, and custom local admin for implementing LAPS. I am creating a backup account for any trust relationship break issue and other.
Since the Microsoft has disabled the function in the local user and group to create, modify or set the password from the GPO. Although, I am able to rename/update the built-in-Administrator account. I am trying to set password for my backup local admin via Script method from GPO. I tried several scripts, but it does not work. I have also given all the administrator rights for that user. Can anyone help me or guide me in this scenario?
LAPS was built so you don't have to manually manage the local admins. You use LAPS, which is great, but still want to manage another admin account manually, defeating the purpose of LAPS in my opinion.
If you are worried about password history when restoring a client from backup, there was a newer LAPS released recently by Microsoft which supports exactly that. So even when you restore a client from backup, where the password was something else, you can look it up. Alternatively you can always restore the local admin password manually if you have console access to the machine (utilman.exe trick).
The backup scenario is really the only time when the password can get stale. Since when the LAPS client extension cannot communicate with a domain controller, it does not update the local admin password.
I would suggest you rethink what you are trying to achieve, because I think it would introduce unnecessary administrative burden.