Windows Vista: Minimum Password Age Policy

Best practices for configuring Vista password policy settings

In Windows Vista, the Minimum Password Age setting determines the period of time, in days, that a password can be used before you must change it. You can set a password to expire anywhere between 1 and 999 days, or you can allow changes immediately by setting the number of days to zero (0).

This information applies to Windows Vista, Windows 8.1, Windows 8, and Windows 7, as well as to Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2.

Minimum and Maximum Password Age

The Minimum Password Age setting must be lower than the Maximum Password Age setting unless the Maximum Password Age is set to 0, in which case the password never expires. If the Maximum Password Age is set to 0, the Minimum Password Age can be set to any value between 0 and 998.

If you are an administrator updating these settings for another user, the Minimum Password Age setting will prevent the user from changing their password until the minimum amount of time has passed. Select the checkbox titled User must change password at next logon to prompt the user to add a new password when they log in. This setting is commonly used by administrators helping new employees set up their accounts during onboarding.

Password Best Practices

Best practices suggest setting a maximum password age of 60 days, which keeps the window of time during which a compromised password can be used small.

Setting a minimum password age is useful in conjunction with the Enforce password history setting, which determines how many new passwords you must use before you can reuse a password.
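The following audit script is an added example, not part of the original article. It checks the relationships described above against the output of the `net accounts` command. The sample output is constructed, the English-locale field labels are assumed, and "Unlimited" and "None" are mapped to 0 to match the article's convention.

```python
import re

# Constructed sample of `net accounts` output (English locale), not from the article.
SAMPLE = """\
Minimum password age (days):                          0
Maximum password age (days):                          42
Length of password history maintained:                5
"""

FIELDS = {
    "min_age": r"Minimum password age \(days\):\s*(\S+)",
    "max_age": r"Maximum password age \(days\):\s*(\S+)",
    "history": r"Length of password history maintained:\s*(\S+)",
}

def parse_net_accounts(text):
    """Extract the three settings; 'Unlimited' and 'None' become 0."""
    policy = {}
    for key, pattern in FIELDS.items():
        match = re.search(pattern, text)
        if match is None:
            raise ValueError(f"missing field: {key}")
        value = match.group(1)
        policy[key] = 0 if value in ("Unlimited", "None") else int(value)
    return policy

def audit(policy, recommended_max=60):
    """Return findings for the rules the article describes."""
    min_age, max_age, history = policy["min_age"], policy["max_age"], policy["history"]
    findings = []
    if not 0 <= min_age <= 998:
        findings.append("minimum age outside 0-998")
    if max_age != 0 and min_age >= max_age:
        findings.append("minimum age must be lower than maximum age")
    if max_age == 0:
        findings.append("passwords never expire")
    elif max_age > recommended_max:
        findings.append(f"maximum age exceeds {recommended_max} days")
    if history == 0:
        findings.append("password history not enforced")
    elif min_age == 0:
        findings.append(f"history of {history} can be cycled immediately (minimum age 0)")
    return findings

def days_to_reuse(policy):
    """Days before an old password can be set again: each of the `history`
    new passwords must be kept for the minimum age before the next change."""
    return policy["history"] * policy["min_age"]
```

With the sample above, a history of 5 offers no protection because all five changes can be made in one sitting; raising the minimum age to 1 day makes the same cycle take 5 days.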
