If your Windows 10 computer is a member of a domain you may be familiar with the Group Policy editor (gpedit.msc). Group Policy allows you to control settings on many Windows computers from a central location. However, if you have a standalone computer, you can achieve the same result with the local security policy editor or secpol.msc.
Secpol is a way in which you can control various security policies and settings that define different behaviors on your Windows 10 computer. And it's a great way to ensure you have a standard security policy configuration across multiple computers if you don't have a domain.
To get to the local security policy editor, type in "secpol" in the Windows 10 search bar and click on the resulting applet shown.
Once opened, you are presented with categories and options to change a slew of different settings.
Let's dive into a few of the more common scenarios you'll run into where you'll need to use the local security policy editor, like creating security policies and importing them on other Windows 10 machines.
How To Set Your Password Policy With Secpol
Having a password policy is a great first step in increasing the security of your Windows 10 computer.
To set a password policy via the local security policy editor, you'll need to first double-click on Account Policies on the left side and then click on Password Policy. This will then show you various options for setting a password policy on your Windows 10 computer.
At a minimum, you should change the minimum password age and password length. To do this, you'll double-click on the Minimum password length setting and modify it to whatever length you'd like.
Also notice the Explain tab above. This tab is in every setting you open in the local security policy editor. It's a great way to see exactly what that particular setting does and how it might affect your Windows 10 computer.
Next, let's change the minimum password age. To do this, requires the exact same steps as changing the minimum password length.
Finally, for our password policy to actually have any effect, it needs to be enabled. This is done by enabling the option Password must meet complexity requirements.
Our password policy is now in effect.
How To Export And Import Security Policies
Now what if you'd like to take these settings to another computer? You can do that by exporting out the configuration and importing it into another computer. Once you have all of the settings configured how you'd like you can click on Security Settings in the main window and click on the Action menu. This gives you an option to export the policy.
Once you click on this, you are then prompted to save your security settings file (INF) into a location of your choice. This INF file is a text file containing all of the settings you just set.
Move this INF file to another computer that you'd like to modify the security settings on, open up the Local Security Policy application as you did before and ensure the Security Settings node is clicked on. Click on Action again and this time choose Import Policy.
You will then be prompted for the INF file you just exported. When imported, this new computer will then have all of the settings you had defined in the other computer.
The local security policy editor is a great tool for setting numerous security settings on your Windows 10 computer. And, by utilizing the import/export feature, you can replicate group policy functionality by applying a standard security configuration across many workgroup computers.