Policy

Configure size of encrypted password history

Microsoft Windows

Back to LAPSBack to main
Configure size of encrypted password history
Jump to overview

Policy overview

Key metadata and intent for this policy.

Computer
Category
System > LAPS
Supported on
At least Microsoft Windows 10 or later

Supported OS tags: Windows10

Use this setting to configure how many previous encrypted passwords will be stored in Active Directory. Configuring this setting has no effect unless 1) the password has been configured to be backed up to Active Directory and 2) password encryption has been enabled. If this setting is enabled, the specified number of older passwords will be stored in Active Directory. If this setting is disabled or not configured, zero older passwords will be stored in Active Directory. This setting has a minimum allowed value of 0 passwords. This setting has a maximum allowed value of 12 passwords. See https://go.microsoft.com/fwlink/?linkid=2188435 for more information.

Internal name
LAPS_ADEncryptedPasswordHistorySize
Policy ID
d4e9388b5417
Elements
1

Registry values

How enabled and disabled states update the registry.

No explicit registry values are set for enabled or disabled states.

Policy elements

Inputs and configuration options exposed by this policy.

ScopeElementTypeRegistry mappingConstraints & behaviorCopy
Computer
Encrypted password history size
ID LAPS_ADEncryptedPasswordHistorySize_INT
decimal
Path
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\LAPS
Value name
ADEncryptedPasswordHistorySize
Type
REG_DWORD
Range: 0 to 12
Encrypted password history size
Computer · Type decimal
Registry mapping
Path
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\LAPS
Value name
ADEncryptedPasswordHistorySize
Type
REG_DWORD
Details
Range: 0 to 12