Windows Local Security Policy – CompTIA A+ 220-802: 1.4


If your computer isn’t part of a Windows Domain, then you’ll manage your security policies on the local computers. In this video, you’ll learn how to start and use the Windows Local Security Policy manager.
<< Previous Video: Windows Users and GroupsNext: Using Windows Performance Monitor >>


When you think about the word “security policy,” you usually think about large organizations. They have many users, and they need a standard way to define security across the entire enterprise.

You can also do similar things with security policy on a computer-by-computer basis. If you’re a smaller organization and you don’t have an Active Directory infrastructure using that Windows domain functionality, then you don’t have a way to centralize your security policies. Fortunately, Windows provides us with a way to be able to do exactly that on an individual basis through something called the local security policy.

This local security policy you’ll find in the professional, the business, the enterprise, the ultimate versions of Windows. But if you’re running a Windows edition that’s a home version, you’ll notice that this capability is not built into the OS. You’ll need to be running those higher end additions to be able to see the local security policies.

If you’re running Windows XP, Windows Vista, or Windows 7, you’ll find your local security policies in exactly the same place. Let’s go to our Start menu under the Control Panel. We’ll go to Administrative Tools.

And inside of the Administrative Tools is the Local Security Policy. From here, you get to define how your local machine uses these different security functions. For example, if I choose Account Policies, you’ll notice that I have Password Policies inside of this.

I also have Account Lockout Policies. So I can enforce a password history where Windows remembers the last numbers of passwords you’ve used so that you can’t reuse the password. You can also set a maximum age of a password. After that many days, then you have to tell Windows to use a new password. You have to reset that password to something else.

You can also set an example for complexity requirements. Notice you’re getting into the real details of security. And it’s the same whether you’re looking at passwords, account lock outs. You also have things like local policies and user rights assignments.

There’s extensive local security policies that you can set for everyone who might be using this computer. And you can assign them different options. You can change the configuration of how it works. You can make your computer very, very tightly secure, or you can set the security options to be a little more relaxed. And you would do all of that inside your local security policy.

As soon as you go through this list and see how extensive it is, you can start setting those options for your security policies and then put them into effect simply by making the change inside of this. And it takes effect immediately.

When you make this local security policy change, anyone who is logging on to this device or connecting to this device remotely who’s using these local users and local groups will also use these local security policies as well.