Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. The "Enforce password history" and "Minimum password age" Group Policy settings do not work when you reset the password for a Windows Server 2008 R2-based or a Windows Server 2008-based computer

The "Enforce password history" and "Minimum password age" Group Policy settings do not work when you reset the password for a Windows Server 2008 R2-based or a Windows Server 2008-based computer

View products that this article applies to.

Symptoms

Consider the following scenario in a domain environment:

  • You configure the following Group Policy settings:
    • Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy\Enforce password history
    • Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy\Minimum password age
  • You use a password reset application to reset user accounts' password, such as Forefront Identify Manager 2010.

In this scenario, Enforce password history and Minimum password age policy settings do not work, and you can set the account password to a previous password in the password history at any time. However, the expected behavior is that you cannot set the password to a previous password in the password history during the period that is configured by using the Minimum password age policy setting.

For example, you reset your account password by using the Self-Service Password Reset functionality in Microsoft Forefront Identity Manager 2010. However, Forefront Identity Manager does not enforce password history when your account password is reset.

Note: The issue only affects some specific password reset applications. Normal AD password reset operations by using built-in operating system tools are not affected.

↑ Back to the top

Cause

This issue occurs because the password reset mechanism in the application does not check the password history when a password is reset.

↑ Back to the top

More Information

The hotfix for this issue is no longer available. This issue does not occur in Windows Server 2012 and later versions. Consider upgrading to Windows 10 to get the most up-to-date security and other features built right in. To get Windows 10, see Windows 10 Home. Need more info on Windows 10? See Upgrade to Windows 10: FAQ.

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:

824684 Description of the standard terminology that is used to describe Microsoft software updates

For more information about the Enforce password history policy setting, visit the following Microsoft webpage.

Introduction to enforce password history

For more information about best practices to set a password, visit the following Microsoft webpage.

Introduction to password best practices

↑ Back to the top

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top

Keywords: kb, kbqfe, kbfix, kbsurveynew, kbexpertiseinter

↑ Back to the top

Article Info
Article ID : 2386717
Revision : 3
Created on : 3/25/2019
Published on : 3/25/2019
Exists online : False
Views : 171