The Local Security Settings tool is found in the Control Panel's Administrative Tools menu. You must have administrator privileges to access the Local Security Settings.
The Local Security Settings include:
Account Policies: Password and account lockout policies.
Local Policies: Audit policies, user rights assignments, and security options.
Public Key Policies: Configure encrypted data recovery agents and trusted certificate authorities.
IP Security (IPSec) Policies: Configure network IP security on the local machine.
By using the Group Policy Editor via a command you are given more control over settings for the local machine. You must have administrator privileges to access the Group Policy Editor. Click Start, Run, and type gpedit. msc and press enter. All the controls in the Local Security Settings are available here plus many more. The level of control over the local machine is truly remarkable. If you use gpedit. msc you will find the Local Security Settings under the Windows Settings folder.
The default setting for Password Policy allows insecure passwords. Users can set passwords with only one letter if they want. The more complex the password id the more secure it is. Its a good idea to set a minimum length here and also select password complexity which stops people using words as passwords or simple variations of words. You can also set passwords to expire forcing users to change their passwords at predetermined intervals. I suggest you use long passwords of at least 8 characters with a mix of letters and numbers. Its important to remember that if your on a domain network, domain security settings will override these settings.
Account Lockout Policy
This policy will lock the account of a user if X number of unsuccessful attempts in Y number of minutes are made to log into an account. It will lock for Z number of minutes. There are 3 policies in this folder, 1 each for X, Y, and Z. If an account is locked the user can either wait for the account to unlock or contact a person with administrator privileges to unlock it. Once again any domain level policies will override this local setting.
The Audit Policy allows administrators to log user activity. When auditing is turned on for events they are recorded in the security log which can be found in the Event Viewer within Administrative Tools. The size of the security log is limited and also auditing consumes computer resources and slows performance, keep this in mind.
User Rights Assignment
This policy is set by groups not users, also the domain settings will override local settings, thus two columns “Local setting" and “effective Setting". Some rights are negative rights, “Deny Logon Locally".
Security Options gives a range of additional security options such as preventing users from installing printer drivers, allowing the removal of removable NTFS media, and many other things.
Encrypted Data Recovery Agent
This allows you to add users who can act as a recovery agent in the event people are locked out from their encrypted files. By default the administrator is a recovery agent.
IP Security Policies on Local Machine
Configures network IP security on the local machine. These policies are either simply assigned or the use of a wizard is used to create a policy
Author: Wayne Jansson MCP A+ Network+ jansant© 2007
Wayne Jansson MCP A+ Network+
Computer help for the home user and small business. Information to help users make the most out of their computer and network systems. The aim of the web-site is to help users spend less time working out how to set up and maintain their computers and network systems, so they have more time to spend actually using them for their intended purpose, running their business.