How to Configure Security Policy Settings
Updated: May 1, 2013
Applies To: Windows 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Vista
This procedural topic for the IT professional describes steps to configure a security policy setting on the local computer, on a domain-joined computer, and on a domain controller.
This topic pertains to the versions of Windows designated in the Applies To list above. Some of the user interface elements that are described in this topic might differ from version to version.
You must have Administrators rights on the local computer, or you must have the appropriate permissions to update a Group Policy Object (GPO) on the domain controller to perform these procedures.
When a local setting is inaccessible, it indicates that a GPO currently controls that setting.
In this topic
To configure a setting for your local computer
To configure a setting for computer that is joined to a domain
To configure a setting for a domain controller
To configure a setting for your local computer
To open Local Security Policy, click Start, type, secpol.msc.
Navigate the console tree to Local Computer Policy\Windows Settings\Security Settings
Under Security Settings of the console tree, do one of the following:
Click Account Policies to edit the Password Policy or Account Lockout Policy.
Click Local Policies to edit an Audit Policy, a User Rights Assignment, or Security Options.
When you find the policy setting in the details pane, double-click the security policy that you want to modify.
Modify the security policy setting, and then click OK.
Note
To configure a setting for computer that is joined to a domain
The following procedure describes how to configure a security policy setting for a Group Policy Object when you are on a workstation or server that is joined to a domain.
You must have the appropriate permissions to install and use the Microsoft Management Console (MMC), and to update a Group Policy Object (GPO) on the domain controller to perform these procedures.
To open the MMC and add the Group Policy Object Editor, click Start, type mmc.msc.
On the File menu of the MMC, click Add/Remove snap-in, and then click Add.
In Add Standalone Snap-in, double-click Group Policy Object Editor.
In Select Group Policy Object, click Browse, browse to the GPO you would like to modify, and then click Finish.
Click Close, and then click OK.
This procedure added the snap-in to the MMC.
In the console tree, locate GroupPolicyObject [ComputerName] Policy, click Computer Configuration, click Windows Settings, and then click Security Settings.
Do one of the following:
Click Account Policies to edit the Password Policy or Account Lockout Policy.
Click Local Policies to edit an Audit Policy, a User Rights Assignment, or Security Options.
Click Event Log to edit event log settings.
In the details pane, double-click the security policy setting that you want to modify.
Note
If this security policy has not yet been defined, select the Define these policy settings check box.
- Modify the security policy setting and then click OK.
To configure a setting for a domain controller
The following procedure describes how to configure a security policy setting for only a domain controller (from the domain controller).
To open the domain controller security policy, in the console tree, locate GroupPolicyObject [ComputerName] Policy, click Computer Configuration, click Windows Settings, and then click Security Settings.
Do one of the following:
Double-click Account Policies to edit the Password Policy, Account Lockout Policy, or Kerberos Policy.
Click Local Policies to edit the Audit Policy, a User Rights Assignment, or Security Options.
Click Event Log to edit event log settings.
In the details pane, double-click the security policy that you want to modify.
Note
If this security policy has not yet been defined, select the Define these policy settings check box.
- Modify the security policy setting, and then click OK.
Important