Policy
Do not allow password expiration time longer than required by policy
Windows 11 25H2
Policy overview
Key metadata and intent for this policy.
Supported OS tags: Windows10
If this setting is enabled or not configured, planned password expiration longer than the password age dictated by the "Password Settings" policy is NOT allowed. When such expiration is detected, the password is changed immediately and password expiration is set according to policy. If this setting is disabled, password expiration time may be longer than required by "Password Settings" policy. See https://go.microsoft.com/fwlink/?linkid=2188435 for more information.
Registry values
How enabled and disabled states update the registry.
| Registry location | Type | Enabled value | Disabled value |
|---|---|---|---|
| HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\LAPS\PasswordExpirationProtectionEnabled | REG_DWORD | 1 | 0 |
Policy elements
Inputs and configuration options exposed by this policy.
This policy has no additional user input fields.
Other policies in this category
Explore related policies at the same level.
- ComputerConfigure authorized password decryptorsAt least Microsoft Windows 10 or later
- ComputerConfigure automatic account managementAt least Microsoft Windows 10 or later
- ComputerConfigure password backup directoryAt least Microsoft Windows 10 or later
- ComputerConfigure size of encrypted password historyAt least Microsoft Windows 10 or later
- ComputerEnable password backup for DSRM accountsAt least Microsoft Windows 10 or later
- ComputerEnable password encryptionAt least Microsoft Windows 10 or later
- ComputerName of administrator account to manageAt least Microsoft Windows 10 or later
- ComputerPassword SettingsAt least Microsoft Windows 10 or later
- ComputerPost-authentication actionsAt least Microsoft Windows 10 or later