Back
  • Misconfig Name
  • Password history is not configured to restrict users from reusing their last 24 passwords
  • Description
  • "Password history:" Number of unique passwords that must be used before an user can re-use his old password. Configure password history length to restrict users from reusing their last 24 passwords.
  • Severity
  • Moderate
  • Category
  • Password Policy
  • Resolution
  • Follow the below steps in GPO to resolve the misconfiguration. Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Account Policies >> Password Policy >> "Enforce password history" to "24" passwords remembered.
  • Reboot Required
  • No