Does disabling the "Store passwords using reversible encryption" option convert passwords to an irreversible state?

2025-03-12T10:07:07.78+00:00

Hi All!!

I inherited an AD domain and a GPO with the "Store passwords using reversible encryption" option enabled.
This fact worries me very much, and that is why I want to turn this option to "disabled".
My question: after disabling this option, should all my users change their passwords to "rewrite" them in the store in an irreversible form? Or is it unnecessary, and passwords will rewrite themselves (if I may say so) just after disabling the option?


1 answer

  1. Geoff McKenzie 315 Reputation points
    2025-03-12T23:16:58.9866667+00:00

    Hi,

    Please refer to https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption

    Read the whole article and address the potential impacts. However, the following quote answers your question.

    "When policy settings are disabled, only new passwords will be stored using one-way encryption by default. Existing passwords will be stored using reversible encryption until they are changed."

    Regards,
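
An added example, not part of the answer above: since existing passwords stay reversibly stored until they are changed, this PowerShell filter lists accounts whose password predates the policy change or that still carry the per-account reversible-encryption flag. The function name `Find-ReversiblePasswordCandidate`, the cutoff time and the sample accounts are assumptions made up for illustration; the live query needs the ActiveDirectory module.

```powershell
function Find-ReversiblePasswordCandidate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        # Assumption: the time at which the disabled setting was in effect on the DCs.
        [Parameter(Mandatory)] [datetime] $PolicyDisabledAt
    )
    process {
        $reasons = @()
        if ($null -eq $User.PasswordLastSet) {
            # Empty when the password was never set or must change at next logon.
            $reasons += 'PasswordLastSet empty; review manually'
        }
        elseif ($User.PasswordLastSet -lt $PolicyDisabledAt) {
            $reasons += 'password last set before the policy was disabled'
        }
        if ($User.AllowReversiblePasswordEncryption) {
            # Per-account flag: new passwords for this account are still stored reversibly.
            $reasons += 'per-account reversible-encryption flag is set'
        }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                SamAccountName  = $User.SamAccountName
                PasswordLastSet = $User.PasswordLastSet
                Reason          = $reasons -join '; '
            }
        }
    }
}

# Constructed sample objects (not real accounts) so the logic can be checked offline.
$cutoff = [datetime]'2025-03-13T09:00:00'
$sample = @(
    [pscustomobject]@{ SamAccountName = 'alice'; PasswordLastSet = [datetime]'2024-11-02'; AllowReversiblePasswordEncryption = $false }
    [pscustomobject]@{ SamAccountName = 'bob';   PasswordLastSet = [datetime]'2025-03-20'; AllowReversiblePasswordEncryption = $false }
    [pscustomobject]@{ SamAccountName = 'svc1';  PasswordLastSet = [datetime]'2025-03-21'; AllowReversiblePasswordEncryption = $true }
    [pscustomobject]@{ SamAccountName = 'carol'; PasswordLastSet = $null;                  AllowReversiblePasswordEncryption = $false }
)
$sample | Find-ReversiblePasswordCandidate -PolicyDisabledAt $cutoff | Format-Table -AutoSize

# Against a live domain (ActiveDirectory module):
# Get-ADUser -Filter * -Properties PasswordLastSet, AllowReversiblePasswordEncryption |
#     Find-ReversiblePasswordCandidate -PolicyDisabledAt $cutoff
```

Accounts covered by a fine-grained password policy should be checked separately, because `Get-ADFineGrainedPasswordPolicy` reports its own `ReversibleEncryptionEnabled` value.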

