Policy

Configure size of encrypted password history

Windows 11 25H2

Back to categoryOpen picker

Policy overview

Key metadata and intent for this policy.

ClassComputer
CategorySystem > LAPS
Supported onAt least Microsoft Windows 10 or later

Supported OS tags: Windows10

Use this setting to configure how many previous encrypted passwords will be stored in Active Directory. Configuring this setting has no effect unless 1) the password has been configured to be backed up to Active Directory and 2) password encryption has been enabled. If this setting is enabled, the specified number of older passwords will be stored in Active Directory. If this setting is disabled or not configured, zero older passwords will be stored in Active Directory. This setting has a minimum allowed value of 0 passwords. This setting has a maximum allowed value of 12 passwords. See https://go.microsoft.com/fwlink/?linkid=2188435 for more information.

Internal name
LAPS_ADEncryptedPasswordHistorySize
Policy ID
d4e9388b5417
Elements
1

Registry values

How enabled and disabled states update the registry.

No explicit registry values are set for enabled or disabled states.

Policy elements

Inputs and configuration options exposed by this policy.

ElementTypeRegistry mappingConstraints & behavior
Encrypted password history size
ID LAPS_ADEncryptedPasswordHistorySize_INT
decimal
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\LAPS\ADEncryptedPasswordHistorySize
Type REG_DWORD
Range: 0 to 12

Other policies in this category

Explore related policies at the same level.