This tool gives you access to advanced security settings. It contains a collection of security rules called policies.
A policy either restricts or allows some setting in your system. Because this tool provides very advanced access to your system, it should be used carefully, or else you may end up with a vulnerable system.
Local Security Policy is not restricted to a single computer; its policies can also apply to the network domain.
The user interface is divided into 3 panes.
As the tree pane displays, the policies are classified into several categories, depending on the scope of their application. Selecting any policy folder in the tree pane lists all its policies in the description pane.
The Local Security Policy tool is an enormous beast. You may be overwhelmed by the sheer number of settings it provides to control your computer and network domain. I will list some of the interesting policies.
More than half of the policies are not configured by default. You can enforce a policy by setting or customizing its properties. Double-click on a policy to reveal its properties.
Generally, there are two tabs in the properties window.
Suppose that I have set up a web server on my machine. Naturally, I want to fortify it by applying security settings.
One of the settings that I apply forces user account passwords to expire after a certain number of days. So, I go to Account Policies → Password Policy → Maximum password age.
Windows will ask a user for a new account password after the number of days specified in this policy has passed.
Now, since the machine is a server, I can't allow a user to shut it down whenever he feels like it. So, I want to restrict the shutdown permission to only myself. For that, I go to Local Policies → User Rights Assignment → Shut down the system.
I just have to remove all the users and groups but myself from the list.
Now, only my user account can shut down the computer.
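One way to confirm that both settings from the walkthrough above took effect is to audit a `secedit` export of the local policy. This PowerShell sketch is an added example, not part of the original article; the function names, the 90-day limit, and the sample export with its account SID are constructed for illustration.

```powershell
# Added example: audit the two settings configured above from a secedit export.
# Constructed sample of "secedit /export" output; the SIDs and 90-day limit are assumptions.
$sample = @'
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = -1
[Privilege Rights]
SeShutdownPrivilege = *S-1-5-32-544,*S-1-5-32-545,*S-1-5-21-1111111111-2222222222-3333333333-1001
'@ -split "`r?`n"

function Get-PolicyValue {
    param([string[]]$Lines, [string]$Section, [string]$Key)
    $inSection = $false
    foreach ($line in $Lines) {
        $t = $line.Trim()
        if ($t -match '^\[(.+)\]$') { $inSection = ($Matches[1] -eq $Section); continue }
        if ($inSection -and $t -match '^([^=]+?)\s*=\s*(.*)$' -and $Matches[1] -eq $Key) {
            return $Matches[2].Trim()
        }
    }
}

function Test-ServerPolicy {
    param([string[]]$Lines, [int]$MaxAgeDays, [string[]]$AllowedSids)
    # Password expiry: this example treats a missing or non-positive value as "never expires".
    $age = Get-PolicyValue $Lines 'System Access' 'MaximumPasswordAge'
    $ageOk = ($null -ne $age) -and ([int]$age -gt 0) -and ([int]$age -le $MaxAgeDays)
    [pscustomobject]@{ Policy = 'Maximum password age'; Value = $age; Compliant = $ageOk; Unexpected = '' }

    # Shutdown right: every holder must be on the allow-list (a leading '*' marks a SID).
    $raw = Get-PolicyValue $Lines 'Privilege Rights' 'SeShutdownPrivilege'
    $holders = @("$raw" -split ',' | ForEach-Object { $_.Trim().TrimStart('*') } | Where-Object { $_ })
    $extra = @($holders | Where-Object { $_ -notin $AllowedSids })
    [pscustomobject]@{ Policy = 'Shut down the system'; Value = $holders -join ', '
                       Compliant = ($extra.Count -eq 0); Unexpected = $extra -join ', ' }
}

# Live use (elevated prompt): secedit /export /cfg "$env:TEMP\secpol.inf" /areas SECURITYPOLICY USER_RIGHTS
#                             then pass (Get-Content "$env:TEMP\secpol.inf") as -Lines.
Test-ServerPolicy -Lines $sample -MaxAgeDays 90 -AllowedSids 'S-1-5-21-1111111111-2222222222-3333333333-1001'
```

The constructed sample represents a machine before the changes described above, so both rows report as non-compliant; after applying the two policies, the same check should return `Compliant = True` for each.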