Password uniqueness (Windows)

Module: Password Strength

Supported Platforms: Windows 2000, Windows 2003, Windows 2008, Windows Vista, Windows XP

This check verifies that the Windows password settings require a specified number of passwords to be retained as password history. These passwords cannot be reused when a password is changed. The valid range of password history is 0 to 24 passwords.

The following table lists the error message for the check.

Table: Error message for Password uniqueness

Message String ID and Category

Platform and Message Numeric ID

Message Title and Description

Additional Information


Category: Policy Compliance

  • Windows 2000 (105333)

  • Windows 2003 (205333)

  • Windows 2008 (248333)

  • Windows Vista (228333)

  • Windows XP (200333)

Title: Minimum password history too low

Description:The number of passwords required to be retained as password history is set too low. This lets users recycle expired passwords too quickly and defeats the requirement to change passwords on a regular basis. A password history setting of at least 10 is recommended.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [Min history: %s; expected: %s]