Check your computer's inventory record.

If it was enabled for LAPS, then you'll see it listed under the General settings > Managed Local Administrator Accounts.

If the account isn't LAPS managed, then something else is happening.

Sorry, do you mean here (see screenshot)?

Thanks for your reply.

Once a computer is LAPS managed, it stays LAPS managed even it you turn off the feature. Turning it off only affects computers going forward.

Check the computer's inventory record under General settings > Managed Local Administrator Accounts.

Thanks for that. I go there and then click on View accounts and passwords and it takes me to Local Users Accounts. I see Username Source & Password. Under password is View. When I click that it says: Rotating after viewing. Viewing the password will cause the password to rotate in 1 hour.

Does that mean LAPS is on? Every setting I see in Jamf, it is not on. I never turned it on myself.

Yes, that's right. LAPS is enabled for that account.

Regardless of how it happened, you can either erase and re-enroll the computer, which is pretty heavy-handed, or use a policy to delete the account on affected computers and recreate it.

I feared as much. I'm afraid that if I erase and re-enroll it will just be LAPS enabled again. I haven't made any changes. Especially not to turn it on.

The laptops are leased, and will be replaced next summer. Any tips on where to look to make sure it's not on? Again any setting I've looked at it's not on. So I'm confounded why this is happening.

If I delete the account and recreate it won't I run into a Secure Token issue?

Thank you for your help .