Enable password encryption

Supported OS tags: Windows10

When you enable this setting, the managed password is encrypted before being sent to Active Directory. Enabling this setting has no effect unless 1) the password has been configured to be backed up to Active Directory and 2) the Active Directory domain functional level is at Windows Server 2016 or above. If this setting is enabled, and the domain functional level is at or above Windows Server 2016, the managed account password is encrypted. If this setting is enabled, and the domain functional level is less than Windows Server 2016, the managed account password is not backed up to the directory. If this setting is disabled, the managed account password is not encrypted. This setting will default to enabled if not configured. See https://go.microsoft.com/fwlink/?linkid=2188435 for more information.

This policy has no additional user input fields.

• Computer
  Configure authorized password decryptors

  At least Microsoft Windows 10 or later
• Computer
  Configure automatic account management

  At least Microsoft Windows 10 or later
• Computer
  Configure password backup directory

  At least Microsoft Windows 10 or later
• Computer
  Configure size of encrypted password history

  At least Microsoft Windows 10 or later
• Computer
  Do not allow password expiration time longer than required by policy

  At least Microsoft Windows 10 or later
• Computer
  Enable password backup for DSRM accounts

  At least Microsoft Windows 10 or later
• Computer
  Name of administrator account to manage

  At least Microsoft Windows 10 or later
• Computer
  Password Settings

  At least Microsoft Windows 10 or later
• Computer
  Post-authentication actions

  At least Microsoft Windows 10 or later