- A local security policy is the set of rules a business uses to protect its local network.
- A local security policy can be managed with a group policy editor or a local security policy editor, which is Secpol.msc on Windows 10.
- You can import and export security policies in four easy steps.
- This article is for entrepreneurs and IT professionals who want to learn about managing local security policies.
If your Windows 10 computer is a member of a domain, you may be familiar with the group policy editor, Gpedit.msc. The group policy editor allows you to control settings on many Windows computers from a central location. However, if you have a stand-alone computer, you can achieve the same result with the local security policy editor, or Secpol.msc.
Secpol is a way to control various security policies and settings that define different behaviors on your Windows 10 computer. It's also a great way to ensure a standard security policy configuration across multiple computers if you don't have a domain.
What is a local security policy?
A local security policy includes the standards an organization uses to ensure a safe network throughout a worksite. From the way users browse the internet to the files they upload and download, a local security policy can set requirements to ensure your business's network is protected. The particulars of these standards may shift slightly between companies, given the different priorities between organizations, but each security policy has some common controls and functions, including these:
- Login authentication
- User permissions
- Security audits
A security policy can also include password requirements and measures such as two-factor authentication.
Did you know? The majority of data breaches are due to human error. An effective security policy can reduce user mistakes that compromise network security.
To get to the local security policy editor, type "secpol" in the Windows 10 search bar and click on the resulting applet.
Then, you'll be presented with categories and options to change various settings.
Let's dive into a few of the more common scenarios where you'll need to use the local security policy editor, like creating security policies and importing them on other Windows 10 machines.
Tip: Make the most out of Windows 10 security options with settings like privacy controls, Windows updates and backups.
How do I set a password policy with Secpol?
Establishing a password policy is a great first step in increasing the security of your Windows 10 computer. Follow these steps to set your password policy:
- Access the password settings.
- Edit the password length.
- Review the Explain tab as needed.
- Edit the password age.
- Enable password complexity requirements.
1. Access the password requirement settings.
To set a password policy via the local security policy editor, you'll need to double-click Account Policies on the left side and then click on Password Policy. This will show you various options for setting a password policy on your Windows 10 computer.
2. Edit the password length.
If nothing else, you should change the minimum password age and password length. To do this, you'll double-click on the "Minimum password length" setting and modify it to whatever length you'd like.
3. Review the Explain tab as needed.
If you want to know more about the password length or another specific setting, right-click the setting you want explained and click Properties, then Explain. This will tell you exactly what that particular setting does and how it might affect your Windows 10 computer.
4. Edit the password age.
Next, let's change the minimum and maximum password age, which concerns how long a user can have a password before they can reset it (minimum) or must reset it (maximum). This is the same process as changing the minimum password length.
5. Enable password complexity requirements.
Finally, for your password policy to have any effect, it needs to be enabled. To do this, select Enabled under the option "Password must meet complexity requirements."
Once enabled, your password complexity requirements for users of that computer are set.
How to export and import security policies
Now, what if you'd like to take these settings to another computer? You can do that by exporting out the configuration and importing it into another computer.
1. Select 'Export Policy.'
Once you've configured all of the settings how you'd like, you can click on Security Settings in the main window and then on the Action menu. This gives you an option to export the policy.
2. Save the INF file.
Once you click on this, you are prompted to save your security settings as a setup information (INF) file into a location of your choice. This INF is a text file containing all of the settings you just configured.
3. Import the INF file to other devices.
Move this INF file to another computer whose security settings you'd like to modify. Open the Local Security Policy application as you did before and select the Security Settings node. Next, click on Action again, and this time choose Import Policy.
4. Save the INF file to the import computer.
You will then be prompted for the INF file you just exported. When you've imported it, this new computer will have all of the settings you defined in the other computer.
The local security policy editor is a great tool for setting numerous security policies on your Windows 10 computer. With the export/import feature, you can even replicate the group policy function by applying a standard security configuration across your workgroup computers.
Eduardo Vasconcellos contributed to the writing and research in this article.