Policy

Do not allow password expiration time longer than required by policy

Microsoft Windows

Back to LAPSBack to main
Do not allow password expiration time longer than required by policy
Jump to overview

Policy overview

Key metadata and intent for this policy.

Computer
Category
System > LAPS
Supported on
At least Microsoft Windows 10 or later

Supported OS tags: Windows10

If this setting is enabled or not configured, planned password expiration longer than the password age dictated by the "Password Settings" policy is NOT allowed. When such expiration is detected, the password is changed immediately and password expiration is set according to policy. If this setting is disabled, password expiration time may be longer than required by "Password Settings" policy. See https://go.microsoft.com/fwlink/?linkid=2188435 for more information.

Internal name
LAPS_DontAllowPwdExpirationBehindPolicy
Policy ID
cceefcf35111
Elements
0

Registry values

How enabled and disabled states update the registry.

ScopeRegistry locationTypeEnabled valueDisabled valueCopy
Computer
Path
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\LAPS
Value name
PasswordExpirationProtectionEnabled
REG_DWORD
HKLM
1
HKLM
0
Registry location
Type REG_DWORD · Computer
Path
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\LAPS
Value name
PasswordExpirationProtectionEnabled
Hive
HKLM
Enabled value
1
Disabled value
0

Policy elements

Inputs and configuration options exposed by this policy.

This policy has no additional user input fields.