GPO tool

Group Policy made searchable

A free ADMX browser or comparison tool for IT administrators. Search policies, find registry keys, and see exactly what each setting writes to the Windows Registry. Or compare two GPO backups to see exactly what has changed between them.

Select a product
  • Select a category.

Enable password encryption

When you enable this setting, the managed password is encrypted before being sent to Active Directory.

Enabling this setting has no effect unless 1) the password has been configured to be backed up to Active Directory and 2) the Active Directory domain functional level is at Windows Server 2016 or above.

If this setting is enabled, and the domain functional level is at or above Windows Server 2016, the managed account password is encrypted.

If this setting is enabled, and the domain functional level is less than Windows Server 2016, the managed account password is not backed up to the directory.

If this setting is disabled, the managed account password is not encrypted.

This setting will default to enabled if not configured.

See https://go.microsoft.com/fwlink/?linkid=2188435 for more information.

Registry Information

VendorMicrosoft
ProductLAPS
CategoryLAPS
Applies toComputer Configuration
Supported onAt least Microsoft Windows 10 or later
Registry Key[HKLM]SOFTWAREMicrosoftWindowsCurrentVersionPoliciesLAPS
Value NameADPasswordEncryptionEnabled
TypeREG_DWORD
Enabled value1
Disabled value0