I'm reviewing our complex password policy that was set up by a previous admin and I'm trying to gain some clarification on the setting for Reversible Encryption. In our organization, reversible encryption is not needed and should be disabled. When I review the GPO that's in place, I can see that for the setting:
Store passwords using reversible encryption: Not Defined
My understanding is that if it's set to 'Not Defined', then the default value is set to Disabled but maybe I'm incorrect on this. When I run rsop on my system, it reflects the Not Defined status.
Where I'm a bit confused, though, is when I run the PS cmdlet Get-ADDefaultDomainPasswordPolicy, I'm seeing the ReversibleEncryptionEnabled property as being set as True.
Shouldn't this be reflective of Disabled, per how my Password Policy GPO is configured?
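
Added example, not part of the original post: a read-only PowerShell audit that compares what Get-ADDefaultDomainPasswordPolicy reports with the raw pwdProperties attribute on the domain object, then lists any fine-grained policies and accounts that allow reversible encryption. It assumes the ActiveDirectory RSAT module and read access to the domain; the variable names are illustrative.

```powershell
# Added example: read-only checks, nothing here changes the domain.
# Assumes the ActiveDirectory (RSAT) module is installed.
Import-Module ActiveDirectory

$domain = Get-ADDomain

# 1. Default domain policy as the cmdlet reports it, next to the raw
#    attribute stored on the domain object. The cmdlet reads the directory,
#    not the GPO editor's "Not Defined" view of the setting.
$policy = Get-ADDefaultDomainPasswordPolicy -Identity $domain.DNSRoot
$head   = Get-ADObject -Identity $domain.DistinguishedName -Properties pwdProperties

# 0x10 is the DOMAIN_PASSWORD_STORE_CLEARTEXT bit of pwdProperties.
$storeCleartextBit = [bool]($head.pwdProperties -band 0x10)

[pscustomobject]@{
    Domain                      = $domain.DNSRoot
    ReversibleEncryptionEnabled = $policy.ReversibleEncryptionEnabled
    PwdPropertiesRaw            = $head.pwdProperties
    StoreCleartextBitSet        = $storeCleartextBit
}

# 2. Fine-grained password policies that enable reversible encryption
#    for the users or groups they apply to.
Get-ADFineGrainedPasswordPolicy -Filter * |
    Where-Object ReversibleEncryptionEnabled |
    Select-Object Name, Precedence, ReversibleEncryptionEnabled

# 3. Accounts with the per-user "store password using reversible
#    encryption" flag (userAccountControl bit 0x80 = 128), which applies
#    regardless of the domain-wide setting.
Get-ADUser -LDAPFilter '(userAccountControl:1.2.840.113556.1.4.803:=128)' |
    Select-Object SamAccountName, Enabled, DistinguishedName
```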