Policy

Do not allow password expiration time longer than required by policy

If this setting is enabled or not configured, planned password expiration longer than the password age dictated by the "Password Settings" policy is NOT allowed. When such expiration is detected, the password is changed immediately and password expiration is set according to policy. If this setting is disabled, password expiration time may be longer than required by "Password Settings" policy. See https://go.microsoft.com/fwlink/?linkid=2188435 for more information.

Policy
PackMicrosoft Windows
CategorySystem / LAPS
Policy IDcceefcf35111
Internal nameLAPS_DontAllowPwdExpirationBehindPolicy

Registry

Copy registry mappings

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\LAPS\PasswordExpirationProtectionEnabled (enabled) = 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\LAPS\PasswordExpirationProtectionEnabled (disabled) = 0

Policy notes

If this setting is enabled or not configured, planned password expiration longer than the password age dictated by the "Password Settings" policy is NOT allowed. When such expiration is detected, the password is changed immediately and password expiration is set according to policy. If this setting is disabled, password expiration time may be longer than required by "Password Settings" policy. See https://go.microsoft.com/fwlink/?linkid=2188435 for more information.

Related policies