This is a simple guide on how to enforce password history for local accounts. One of the most basic (and arguably underutilized) security features in Windows 10 is enforcing password history, which prevents users from reusing previous passwords. This feature helps improve security by ensuring users do not cycle through a small set of passwords, reducing the risk of unauthorized access.
Prerequisites to configure password history in Windows 10
Before configuring password history in Windows 10, ensure you have the following requirements:
- Windows 10 Edition: The Local Group Policy Editor is only available in Windows 10 Pro, Enterprise, and Education editions. Windows 10 Home users cannot access this tool but can configure similar settings via the Command Prompt.
- Administrator Privileges: You must be logged in as an administrator to modify Group Policy settings.
- Backup: Before making changes to security policies, it is advisable to create a system restore point or backup important data in case you need to reverse any changes. Use a tool like NinjaOne to secure your business-critical data.
Step-by-step guide to configure password history in Windows 10
1. Access the Local Group Policy Editor
To configure account policies in Windows 10, you need to access the Local Group Policy Editor.
- Press Windows + R to open the Run dialog box.
- Type gpedit.msc and press Enter.
- The Local Group Policy Editor will open.
2. Navigate to the relevant policy
Once inside the Group Policy Editor, navigate to the following location:
- Expand Computer Configuration.
- Go to Windows Settings.
- Open Security Settings.
- Click on Account Policies.
- Select Password Policy.
3. Modify the “Enforce Password History” policy
In the Password Policy section, locate the Enforce password history setting:
- Double-click on Enforce password history.
- A new window will appear where you can configure the policy.
- In the Security Setting field, enter the number of previous passwords you want the system to remember. The value can be between 0 and 24.
- Click Apply, then OK to save the changes.
For optimal security, we recommend configuring Windows to remember at least 5-10 previous passwords to ensure that users cannot quickly cycle back to a previously used password.
4. Apply and test the changes
After configuring the policy, it is essential to test whether it is enforced.
- Open Command Prompt as an administrator.
- Type the following command to update Group Policy:
gpupdate /force
- Try changing the password for a local account and attempt to reuse a previous password.
If the system prevents you from using an old password, the policy is successful.
Troubleshooting password policy not applying in Windows 10
In this portion of the guide, we discuss common issues that may occur when enforcing password rules in Windows 10 and how to troubleshoot them.
Group Policy settings do not apply
- Occasionally, Group Policy settings do not immediately take effect. This usually happens due to delayed policy updates or incorrect configurations.
- To resolve this, run gpupdate /force in Command Prompt, restart your computer, and ensure changes are applied.
Unable to access Local Group Policy Editor
- Some editions of Windows do not have the Group Policy Editor.
- To resolve this, use this Command Prompt alternative:
net accounts /uniquepw:5
- Replace “5” with the desired number of remembered passwords.
Password history not being enforced
- This happens when users can still reuse old passwords despite policy changes. It may also occur when the policy is not properly configured or is overridden by another setting.
- To resolve this, verify settings in gpedit.msc, ensure no conflicting policies exist, and restart the system after applying changes.
Policy settings reset after restart
- This can occur if a system restore or third-party software resets policies. In this case, your password history settings will revert to the default.
- To resolve this, check for conflicting third-party security software and ensure Group Policy changes are saved properly.
Users bypass password history enforcement
- If the minimum password age is not set, users can quickly change passwords multiple times to reset history, circumventing the policy.
- To resolve this, configure Minimum Password Age in Group Policy to prevent immediate password changes.
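The check below is an added example, not part of the original guide: it parses the text printed by net accounts (English labels assumed) and flags the case described above, where password history is set but the minimum password age is 0. The function name, the sample output, and the 1-day value in the remediation comment are illustrative assumptions.

```powershell
# Added example: audit password history and minimum password age together.
# Label matching assumes English-language `net accounts` output.
function Test-PasswordHistoryPolicy {
    param(
        [Parameter(Mandatory)] [string[]] $NetAccountsOutput,
        [int] $RequiredHistory = 5   # lower bound suggested in the guide
    )

    # Lines look like "Label text:      value"; collect them into a lookup table.
    $settings = @{}
    foreach ($line in $NetAccountsOutput) {
        if ($line -match '^(?<label>.+?):\s+(?<value>\S.*)$') {
            $settings[$Matches.label.Trim()] = $Matches.value.Trim()
        }
    }

    $historyRaw = $settings['Length of password history maintained']
    $minAgeRaw  = $settings['Minimum password age (days)']
    if ($null -eq $historyRaw -or $null -eq $minAgeRaw) {
        throw 'Expected labels not found; is the output in English?'
    }

    # `net accounts` prints "None" when no history is kept.
    $history = if ($historyRaw -eq 'None') { 0 } else { [int]$historyRaw }
    $minAge  = [int]$minAgeRaw

    $findings = @()
    if ($history -lt $RequiredHistory) {
        $findings += "History remembers $history passwords; expected at least $RequiredHistory."
    }
    if ($history -gt 0 -and $minAge -eq 0) {
        $findings += 'Minimum password age is 0: rapid changes can flush the history.'
    }

    [pscustomobject]@{
        HistoryLength  = $history
        MinimumAgeDays = $minAge
        Compliant      = ($findings.Count -eq 0)
        Findings       = $findings
    }
}

# Constructed sample output: history is set, minimum age left at 0.
$sample = @(
    'Minimum password age (days):                          0'
    'Maximum password age (days):                          42'
    'Length of password history maintained:                5'
    'The command completed successfully.'
)
Test-PasswordHistoryPolicy -NetAccountsOutput $sample | Format-List
```

On a live machine, pass the real output with Test-PasswordHistoryPolicy -NetAccountsOutput (net accounts). From an elevated prompt, net accounts /uniquepw:5 /minpwage:1 sets both values in one step.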
Understanding Windows 10 password policy settings
Password history is a security feature in Windows 10 that tracks previously used passwords and prevents password reuse on local accounts. When users attempt to change their passwords, the system checks the stored history to see if the new password is unique.
This feature prevents users from cycling between a few easy-to-guess passwords. Its importance cannot be overstated. By enforcing password history, organizations and individuals reduce the risk of password-based attacks, such as brute force attacks or credential stuffing, encourage users to create and use stronger, more varied passwords, and enhance overall system security by preventing weak password reuse.
Importance of password history enforcement in Windows 10
Weak password practices remain a major cybersecurity threat in 2025. An article by VPNRanks states that 52.9% of data breaches are linked to weak passwords, with 30% directly tied to them. In addition, Techopedia has found that 41% of people globally use the same passwords across multiple accounts. This is a severe security vulnerability: A single compromised password could expose numerous accounts.
Remembering every password can be challenging, but losing access to any account is much more troublesome. We recommend designing robust credential management strategies, using a password manager, and using a Windows RMM like NinjaOne to monitor, manage, and secure your Windows endpoints effortlessly.
Frequently Asked Questions (FAQs)
1. What editions of Windows 10 support this feature?
Password history enforcement via Group Policy is available in Windows 10 Pro, Enterprise, and Education. Windows 10 Home users must use the Command Prompt method.
2. Can password history be configured without Group Policy?
Yes, Windows 10 Home users can configure password history using the following command in an Administrator Command Prompt:
net accounts /uniquepw:5
This achieves the same effect as the Group Policy setting.
3. How many passwords should be remembered for optimal security?
Security best practices recommend remembering at least 5 to 10 passwords to prevent easy cycling of previously used credentials.