Have you heard about the Local Security Policy in Windows 10 and Windows 11, but you do not know what it does? Learn all there is to know about this Windows feature.
I have divided this guide into sections to make it easy to understand. The first section is an overview of the Local Security Policy in Windows 10 and Windows 11.
Then, in the second section, you’ll learn how this Windows security feature works, followed by its main features in section three.
Furthermore, section four highlights the benefits and limitations of the Windows Local Security Policy. Then, in section five, you’ll learn 5 methods to open the Local Security Policy in Windows 10 and Windows 11.
Finally, in my FAQ section, you can get answers to most users’ questions about this Local Security Policy.
- Windows 11 Editions Explained: Which is the Best for You?
- Disk in Task Manager Explained: What it Means and How it Works
Overview
The Windows Operating System offers some features you can use to enhance the security of your PC. If you use your computer in an office and the computer belongs to a Windows network (called “domain”), your IT administrator can apply some of these security features from the server.
In a domain network, the IT administrator will apply these policies using what we call “Group Policy”.
However, if your computer does not belong to a domain, you can apply some of these security features using the Local Security Policy. The Local Security Policy is a set of information you can use to enhance the security of a local Windows computer.
Windows offers the Local Security Policy in two main categories – Account Policies and Local Policies. The Account Policies allow you to set Password policies like enforce password history.
In addition to that, under account policies, you can also set Account Lockout Policies. For example, you can set a policy that determines how many minutes an account stays locked (if locked out) before automatically becoming unlocked.
On the contrary, under the Local Policy section of the Local Security Policy, you can set Audit Policy, User Rights Assignments, and Security Options policies.
In the subsequent sections of this guide, I will break down how these security policies work, their features and advantages, and their limitations.
How the Local Security Policy in Windows 10 and Windows 11 Works
When a Windows 10 or Windows 11 local administrator sets Local Security Policies, the policies apply to all users that log in to the computer.
For example, a local administrator may modify the Local Security Policy, “Allow Log on locally” to allow only administrators to log on to the computer.
This policy will be enforced on the local computer. So, when a non-administrator tries to log in to the computer, the computer will deny the user access.
This policy will remain enforced as long as the computer does not belong to a Windows domain network. If, however, the computer belongs to a Windows domain network, policies (called “Group Policy”) applied by the network administrator will override any Local Security Policy applied by the local administrator.
If this happens, a non-administrator user can log on to the Windows 10 or Windows 11 computer. That is if the Group Policy applied by the network administrator allows non-administrators to log in to computers on the Windows domain network.
Essentially, Local Security Policies applied on the computer from the computer’s Local Security Policy snap-in only apply to the local computer.
Features of the Local Security Policy in Windows 10 and Windows 11
So far, I have discussed an overview of the Local Security Policy. In addition to that, I have also discussed how this Windows security feature works.
In this section, you’ll learn the main features of the Local Security Policy in Windows 10 and Windows 11.
Policies Created from the Local Computer Applies Only to the Computer
Unlike policies applied by a Windows domain network administrator, if a Windows local administrator applies a policy, it is only enforced on the local computer.
On the contrary, if a network domain administrator applies a security policy via Group Policy, the policy applies to all computers and/or users that meet the criteria.
Group Policies Applied by the Network Domain Administrator Takes Precedence over Local Policies
As I hinted in the “how it works” section, if an administrator creates a policy that conflicts with a local policy, the domain policy takes precedence. The implication of this is that the network administrator has more control over Windows computers than local administrators.
So, for domain-joined computers, Local Group Policies apply before Group Policies. So, when the computer applies the Group Policies, they override the local policies.
Windows 10 and Windows 11 Home Editions Do Not Have the Local Security Policy Snap-in
This is a very important feature to mention as many Windows 10 Home users complain that they cannot find the Local Security Policy snap-in. If you own a Windows 10 Home edition, your license does not include this option.
To determine your Windows 10 edition, search winver and open the app. Then, check your Windows edition – see the screenshot below.
If your Windows 10 or Windows 11 shows “Home” where mine displays “Pro” in the screenshot above, you’ll NOT be able to open the Local Security Policy.
So, you need to upgrade your Windows “Home” to “Pro” in this situation.
The Local Security Policy Snap-in Has Nine Nodes
The LSP snap-in has 9 nodes that offer you different policies you can apply to the local computer. However, most of the policies you may need to apply to a local computer are located in the Account Policies and Local Policies nodes.
Moreover, within each node, there are sub-nodes that contain the policies you can enable and apply. As an example, the Account Policies node has two sub-nodes – Password Policy and Account Lockout Policy.
To display the policies available in a sub-node, click on it. For example, click the sub-node to display the policies in the Password Policy sub-node.
Finally, to configure a policy, double-click it. For example, if I want to configure the “Enforce password history”, double-click the policy. Then, configure the policy and click OK.
However, if you need additional help with the policy, click the “Explain” tab.
Pros and Cons of the Local Security Policy in Windows 10 and Windows 11
To further explain the Local Security Policy in Windows 10 and Windows 11, in this section, I discuss the main advantages and limitations of this Windows technology.
Pros (Benefits) of the Local Security Policy
- Local Security Policies has helpful information that explains what the policy does and how to configure it. If you want to enable a policy in the LSP snap-in but you do not know what it does, you can click the “Explain” tab to get more information.
To learn how to do this, see the last sub-section in the features section of this guide. - Local Security Policies help local administrators tighten security on computers used by multiple people. If you manage a small office with computers available to multiple users, you can use the Local Security Policies to enhance the security of the computers.
- It offers ease of configuration. Setting up local policies with the LSP snap-in is relatively easy.
In addition to ease of configuration, the policies apply immediately without requiring you to restart the computer. - Offers Audit and Advanced Audit Policies that allows tracking of events. If you want to track potential security breaches by users that log in to a local computer, you can use the audit policies provided by the Local Security snap-in.
After enabling these policies, you can track the events in the Windows events log. Then, take the necessary actions to tighten the local computer’s security further.
Cons (Limitations) of the Local Security Policy
- Domain Group Policies override the Local Security Policies. If a Windows 10 or Windows 11 computer is joined to a domain, all policies applied by the network administrator override all policies applied via the Local Security Policy.
This is a major limitation for the local administrator because this means that the local administrator loses control over the security of the PC. However, for the network administrator, this is a benefit as this gives the administrator the ability to manage the security of multiple computers. - Local Security Policies apply to local computers. As I mentioned in the features section of this guide, when you set a policy in the Local Security Policy snap-in, the policy applies to the local computer.
So, if your computers are not in a Windows domain network, you have to set the policies individually on each computer. This is time-consuming and an inefficient way to secure your multiple computers.
Therefore, if you run a small office with up to 20 computers, I strongly recommend that you consider joining your computers to the Microsoft Azure Domain. - Windows 10 and Windows 11 Home editions do not feature a Local Security Policy snap-in. I mentioned this earlier in this guide.
However, it is necessary to include it as a limitation because Windows users with the “Home” edition will not benefit from the features of the LSP.
How to Open Local Security Policy in Windows 10 and Windows 11
You can open the Local Security Policy in 5 different ways. This section covers the 5 methods.
Open Local Security Policy in Windows 10 and Windows 11 from Search
The quickest method to open the local security policy in Windows 10 or Windows 1 is to use search.
Here are the detailed steps.
- Type local in the Windows search bar. Then click Local Security Policy.
- It will open…
Access Local Security Policy from Local Group Policy
You can also access the local security policy from the local group policy editor.
The detailed steps…
- Type local group policy in the search bar. Then select Edit group policy.
- At Local Group Policy Editor, expand Windows Settings on the Computer Configuration section. Then expand Security Settings. You can configure your Local Security Policies from the highlighted section of the image below..
Access Local Security Policy from the Run Command
Another easy way to access local security policy is via Run Command. Here are the detailed steps:
- Click the Windows logo and R keys to open the Run command box.
- Then, at the Run command, type secpol.msc and click OK.
Access Local Security Policy from the Command Prompt
This method is very similar to the Run command method. Here are the steps:
- Type command prompt in the search bar. Then click Command Prompt in the search results.
- At the command prompt, type the command below. Then press enter the command below and press the enter key on your keyboard.
secpol.msc
Open Local Security Policy from Control Panel
You can also access security policy from Administrative Tools via Control Panel. The steps are detailed below:
- Type Control Panel into Windows 10 search. Then click Control Panel from the search results.
- When Control Panel opens, click the View by drop-down. Then select Large icons.
- At the modified Control Panel view, click Administrative Tools. It will open in a new Window.
- Finally, to open the local security policy in Windows 10, click Local Security Policy.
Frequently Asked Questions
Yes. Windows 10 and Windows 11 have the Local Security Policy. However, the Home edition of Windows Operating Systems does not have this security snap-in
The reason your Windows 10 or Windows 11 computer does not have the Local Security Policy is likely that you’re running the Home edition of these operating systems.
The Local Security Policy snap-in contains policies that allow you to tighten the security and access of your Windows computer.
The easiest way to open the Local Security Policy is to search for it. You can search Local Security Policy in Windows 10 or Windows 11.
The primary difference between Local Security Policy (LSP) and Group Policy is that LSP is created on a local computer, and the policies apply to the local computer. On the contrary, Group Policy is created on a Domain Controller, and the policies apply to all domain-joined computers that meet the GPO criteria.
Another difference is that Group Policies take precedence over Local Security Policies. So, if you create a local policy and a network administrator creates Group Policies, the network policies will be applied, and the local policies will be ignored.
My Final Thoughts
The Local Security Policy is a set of policies local Windows PC administrators can use to strengthen the security of the local computer.
Local administrators can create these policies using the Local Security Policy snap-in. These policies are applied to the local computer and to all users who sign in to the local computer.
However, if the computer belongs to a Windows domain, policies (Group Policies) that network administrators apply override local policies.
I hope I have been able to explain this Windows feature and made it easy for you to understand. If I did a good job, would you spare us 2 minutes to share your thoughts at Itechguides Community?
On the other hand, if you have any questions about this Windows tool or any related tool, you could also ask a question by replying to this article’s topic at Itechguides Community.
Finally, you may read more Windows articles via one of these links – Windows 11 How-To Guides, Windows 10 How-To Guides – Over 500 Guides
References and Further Reading
- Local Security Policy – Win32 apps | Microsoft Docs
- Security policy settings reference (Windows 10) – Windows security | Microsoft Docs
- Configure security policy settings (Windows 10) – Windows security | Microsoft Docs
- Security policy settings (Windows 10) – Windows security | Microsoft Docs
- Administer security policy settings (Windows 10) – Windows security | Microsoft Docs
- User Account Control Group Policy and registry key settings (Windows) – Windows security | Microsoft Docs
- Registry path for password complexity and storing passwords using reversible encryption (microsoft.com)
- Itechguides Community
To ask a question or comment about this article, visit the article's topic at Itechguides Community