What is Secpol.msc?

Secpol.msc is the local security policy of a system. Using Secpol, you can control various security policies and settings, that define behaviours on your local computer.

How to access Secpol.msc?

On the Start Menu, search for secpol.msc and press enter/click to open. This will launch Local Security Policy.

The Local Security Policy - Secpol.msc

When you open Local Security policy, this is what you'll see:

On the left pane, you'll see nine different categories of local security policy settings that can be configured:

1Account policies: Set password policies and account lockout policies
2Local Policies: Enabling Audit policies, user rights and security policies.
3Windows Defender Firewall with Advanced Security: Configuring Firewall settings.
4Network List Manager Policies: Network details and group policies.
5Public Key policies: Set public key policies
6Software Restriction Policies: Configuring software policies
7Application Control Policies: Configuring Applications security policies.
8IP Security policies on Local Computer
9Advanced Audit Policy Configuration

Comment:
Increasing your system security using secpol.msc.

Information included in the Local Security Policy:

The domains to which the local computer belongs to and can authenticate logon attempts.
User accounts that can access this particular computer.
The privileges and rights assigned to each account.
The security auditing policy.

It ensures a standard security policy configuration across multiple computers if they are not added into a domain.

Setting a password policy automatically increases your security. Steps to enable and set your password policy are mentioned below.

Double click on Account Policies.
Click on Password Policy.
Make the necessary changes according to your preferences.

Importing and Exporting Policies.

Secpol can be used for importing policies from another computer or exporting current policies to another computer. The below mentioned steps will help you do the same:

Click on Actions, and from the dropdown select Import Policy or Export Policy

Differences between gpedit.msc and secpol.msc

Gpedit.msc applies policies/settings to computers and users in the domain universally and are handled by the domain administrator from a central location. On the other hand, Secpol.msc or Local Security Policies, as the name suggests, are applicable only to a particular local machine.

Gpedit.msc is the name for the Group Policy Editor console, a graphical UI for making registry entries. Editing registry entries is complicated as they are located in different places throughout the computer registry. This tool makes it easier for admins to manage registries.
Secpol.msc is a Windows module used for administration of system settings. The Local Security Policy belongs to the Group Policy Editor, used to administer a subgroup of what you can administer using the gpedit.msc.
The gpedit.msc is broader and secpol.msc is narrower and focuses more on security related registry entries.

Auditing Local security policy changes with ADAudit Plus.

An easier way to audit changes made to policies is through a comprehensive Active Directory (AD) auditing and reporting solution like ADAudit Plus. Its intuitive user interface, pre-configured reports, and advanced filter options make it easy for you to track any policy changes.

Steps to track policy changes with ADAudit Plus:

Login to ADAudit Plus → Go to Server Audit Tab → Policy Changes → Policy Changed.

Looking for a more advanced solution to audit your files and folders?

Active Directory Auditing just got easier!

ADAudit Plus comes bundled with more than 300 predefined reports that makes your AD auditing easier. The solution also sends real-time alerts for critical events and thereby help you to secure your network from threats and boost your IT security posture. Check out the capabilities of ADAudit Plus here.

Download ADAudit Plus