Security setting descriptions

Computer Configuration\Windows Settings\Security Settings

Security areaDescription

Account Policies

Password Policy, Account Lockout Policy, and Kerberos Policy

Local Policies

Audit Policy, User Rights Assignment, and Security Options

Event Log

Application, system, and security Event Log settings

Restricted Groups

Membership of security-sensitive groups

System Services

Startup and permissions for system services

Registry

Permissions for registry keys

File System

Permissions for folders and files

You can configure the security settings that are described in this section on one computer, or on many computers, by using the Security Configuration Manager tools. The Security Configuration Manager tools consist of:

Security Templates

Security Configuration and Analysis

The Secedit.exe command-line tool

Local Security Policy

The Security Settings Extension to Group Policy

To set or to modify individual security settings on individual computers, use Local Security Policy. To define security settings that are enforced on any number of computers, use the Security Settings Extension to Group Policy. To apply several settings in a batch, use Security Templates to define the settings, and then apply those settings by using Security Configuration and Analysis or Secedit.exe, or import the template that contains your settings into Local Policy or Group Policy.


Top of pageTop of page