Policy
Configure size of encrypted password history
Microsoft Windows
Policy overview
Key metadata and intent for this policy.
Supported OS tags: Windows10
Use this setting to configure how many previous encrypted passwords will be stored in Active Directory. Configuring this setting has no effect unless 1) the password has been configured to be backed up to Active Directory and 2) password encryption has been enabled. If this setting is enabled, the specified number of older passwords will be stored in Active Directory. If this setting is disabled or not configured, zero older passwords will be stored in Active Directory. This setting has a minimum allowed value of 0 passwords. This setting has a maximum allowed value of 12 passwords. See https://go.microsoft.com/fwlink/?linkid=2188435 for more information.
Registry values
How enabled and disabled states update the registry.
No explicit registry values are set for enabled or disabled states.
Policy elements
Inputs and configuration options exposed by this policy.
| Scope | Element | Type | Registry mapping | Constraints & behavior | Copy |
|---|---|---|---|---|---|
| Computer | Encrypted password history size ID LAPS_ADEncryptedPasswordHistorySize_INT | decimal | Path SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\LAPS Value name ADEncryptedPasswordHistorySize Type REG_DWORD | Range: 0 to 12 |