Enforce password history

This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused. The value must be between 0 and 24 passwords.

This policy enables administrators to enhance security by ensuring that old passwords are not reused continually.

Note: By default, member computers follow the configuration of their domain controllers.
To maintain the effectiveness of the password history, do not allow passwords to be changed immediately after they were just changed by also enabling the Minimum password age security policy setting. For information about the minimum password age security policy setting, see Minimum password age.

Policy path: 

Computer Configuration\Windows Settings\Account Policies\Password Policy


24 on domain controllers. 0 on stand-alone servers.

Supported on: 

At least Windows XP SP2, Windows Server 2003

Registry settings: 

Password Policy security settings are not registry keys.

Reboot required: 


Related content