Local Security Policy is a built-in Windows tool that lets you control security settings on your computer. It manages password rules, account lockouts, audit logs, and user rights. If you need to open it, here is the fastest way.
Quickest method: Press Win + R, type secpol.msc, and hit Enter.
What Is Local Security Policy?
Local Security Policy (secpol.msc) is a Microsoft Management Console snap-in. It gives you direct access to the security configuration of your Windows machine.
Think of it as a control panel for your system’s security rules. You can set how long passwords must be, how many failed logins lock an account, who can shut down the PC, and much more.
It is available on:
- Windows 10 Pro
- Windows 10 Enterprise
- Windows 11 Pro
- Windows 11 Enterprise
- Windows Server editions
Important: Windows Home editions do not include secpol.msc. It is a Pro and Enterprise feature only.
All Methods to Open Local Security Policy in Windows 2026
Method 1: Run Dialog Box (Fastest)
- Press Win + R on your keyboard
- Type
secpol.msc - Press Enter or click OK
The Local Security Policy window opens immediately. No admin prompt needed if you are already on an administrator account.
Method 2: Windows Search Bar
- Click the Search icon on the taskbar (or press Win + S)
- Type
Local Security Policy - Click the result that appears
- Click Open
This works well if you forget the exact command name.
Method 3: Control Panel Path
- Open Control Panel
- Go to System and Security
- Click Administrative Tools
- Double-click Local Security Policy
This is the longer route but useful if you are already in Control Panel.
Method 4: Command Prompt or PowerShell
- Press Win + X
- Select Windows Terminal, PowerShell, or Command Prompt
- Type
secpol.mscand press Enter
This launches the tool directly from the terminal. Useful for IT pros working in command-line environments.
Method 5: Task Manager
- Press Ctrl + Shift + Esc to open Task Manager
- Click File then Run new task
- Type
secpol.msc - Click OK
This method is handy when your desktop is unresponsive or Explorer has crashed.
Method 6: Desktop Shortcut (For Regular Use)
If you use this tool often, create a shortcut:
- Right-click on your Desktop
- Select New then Shortcut
- In the location field, type
secpol.msc - Click Next, name the shortcut (e.g., “Security Policy”)
- Click Finish
Double-click it anytime to launch the tool instantly.
What You Can Do Inside secpol.msc
Once open, the left panel shows a tree of security categories. Here is what each section does.
Account Policies
This section controls password and lockout behavior.
| Setting | What It Does |
|---|---|
| Password must meet complexity requirements | Forces use of uppercase, numbers, symbols |
| Minimum password length | Sets the shortest allowed password |
| Maximum password age | Forces users to change passwords periodically |
| Account lockout threshold | Locks account after X failed login attempts |
| Account lockout duration | How long the account stays locked |
These settings are critical for protecting against brute force attacks.
Local Policies
This section has three sub-categories.
Audit Policy: Controls what gets logged in the Windows Event Viewer. For example, you can log failed logins, privilege use, or object access.
User Rights Assignment: Decides which users or groups can perform specific actions. Examples include:
- Who can shut down the computer
- Who can log on locally
- Who can manage audit and security logs
- Who can change system time
Security Options: A long list of granular security settings. Some common ones:
| Setting | Purpose |
|---|---|
| Rename administrator account | Hides the default admin account name |
| Interactive logon: do not display last user name | Improves privacy at login screen |
| Shutdown: allow system to be shut down without logon | Controls whether shutdown is allowed from login screen |
| Network access: do not allow anonymous enumeration | Blocks anonymous users from listing accounts |
Windows Defender Firewall with Advanced Security
This node links to firewall settings. You can manage inbound and outbound rules from here.
Advanced Audit Policy Configuration
More detailed than the basic Audit Policy. Lets you log specific subcategories like:
- Logon/Logoff events
- Object access
- Process creation
- Registry changes
For system administrators and security analysts, this section is gold.
Step-by-Step: Common Tasks in Local Security Policy
How to Set a Minimum Password Length
- Open
secpol.msc - Expand Account Policies
- Click Password Policy
- Double-click Minimum password length
- Set the number of characters (e.g., 12)
- Click OK
Changes apply immediately or after Group Policy refreshes (a few minutes).
How to Enable Account Lockout
- Open
secpol.msc - Expand Account Policies
- Click Account Lockout Policy
- Double-click Account lockout threshold
- Set a number like 5 (locks after 5 bad attempts)
- Click OK
- Windows will suggest values for lockout duration and reset time. Accept or customize them.
How to Audit Failed Logins
- Open
secpol.msc - Expand Local Policies
- Click Audit Policy
- Double-click Audit logon events
- Check Failure
- Click OK
Now every failed login attempt gets recorded in Event Viewer under Windows Logs > Security.
How to Prevent Users from Shutting Down the Computer
- Open
secpol.msc - Expand Local Policies
- Click User Rights Assignment
- Double-click Shut down the system
- Remove users or groups you want to restrict
- Click OK
secpol.msc vs gpedit.msc: What Is the Difference?
Many people confuse these two tools. Here is a clear comparison.
| Feature | secpol.msc | gpedit.msc |
|---|---|---|
| Full name | Local Security Policy | Local Group Policy Editor |
| Scope | Security settings only | All Group Policy settings |
| Includes User Configuration | No | Yes |
| Includes Computer Configuration | Partial | Yes (full) |
| Available on Home? | No | No |
| Easier for security tasks? | Yes | Overkill for simple tasks |
Use secpol.msc when you only need to adjust security rules. Use gpedit.msc when you need broader system policy control.
According to Microsoft’s official documentation, secpol.msc is essentially a focused view of the security subset within the Group Policy framework.
What to Do If secpol.msc Is Missing
If you type secpol.msc and get an error saying the file is not found, you are likely on Windows Home edition.
Workaround 1: Check Your Windows Edition
- Press Win + R, type
winver, press Enter - The dialog shows your Windows edition
- If it says “Home,” secpol.msc is not available natively
Workaround 2: Enable It on Windows Home (Advanced)
Some users enable a limited version by running a script that installs the necessary policy templates. This is not officially supported by Microsoft and can cause instability. Proceed with caution.
Here is the script some users run in Command Prompt (as administrator):
FOR %F IN ("%SystemRoot%\servicing\Packages\Microsoft-Windows-GroupPolicy-ClientTools-Package~*.mum") DO (DISM /Online /NoRestart /Add-Package:"%F")
FOR %F IN ("%SystemRoot%\servicing\Packages\Microsoft-Windows-GroupPolicy-ClientExtensions-Package~*.mum") DO (DISM /Online /NoRestart /Add-Package:"%F")
Run each line separately. Restart after completion. This may work on some builds but is not guaranteed.
Workaround 3: Upgrade to Windows Pro
If you regularly manage security policies, upgrading to Windows 10 or 11 Pro is the clean solution. Microsoft offers a digital upgrade directly from Settings.
Who Needs secpol.msc and Why
IT Administrators
They use it to enforce password policies across machines not joined to a domain. On standalone workstations, secpol.msc is the primary tool for local security control.
Security Analysts
Auditing is a key part of security work. secpol.msc lets them configure exactly what gets logged, making it easier to detect suspicious activity.
Home Power Users
Anyone managing a shared PC at home can use secpol.msc to restrict what other users can do. Prevent unauthorized shutdowns, enforce password rules, or hide login usernames.
Developers and Testers
Setting up secure test environments often requires fine-tuning local policies. secpol.msc makes this quick without needing Active Directory.
Best Practices When Using Local Security Policy
- Always back up your current settings before making changes. Export via
secedit /export /cfg backup.cfgin Command Prompt. - Test changes on a non-production machine first if you are in a work environment.
- Document every change you make. Future you will thank present you.
- Do not lock yourself out. Setting an overly aggressive lockout policy on your only admin account can trap you out of your own machine.
- Restart or run
gpupdate /forcein Command Prompt after making changes to make sure they apply immediately.
For deeper understanding of how Windows security policies interact with Active Directory environments, the SANS Institute Windows Security Resources offer excellent reading.
Common Errors and Fixes
| Error | Cause | Fix |
|---|---|---|
| “Windows cannot find secpol.msc” | Windows Home edition | Use the DISM workaround or upgrade to Pro |
| “Access denied” when opening | Not running as admin | Right-click and choose “Run as administrator” |
| Changes not applying | Group Policy not refreshed | Run gpupdate /force in Command Prompt |
| Settings greyed out | Domain policy is overriding local | Contact your domain administrator |
| secpol.msc opens blank | Corrupted MMC snap-in | Run sfc /scannow in elevated Command Prompt |
Summary
Opening Local Security Policy using secpol.msc is straightforward. Press Win + R, type secpol.msc, and press Enter. That gets you in within two seconds.
Once inside, you have powerful control over passwords, account lockouts, user rights, and audit logging. It is a focused, practical tool for anyone serious about Windows security.
It only works on Windows Pro and Enterprise editions. If you are on Home, you either need a workaround or an upgrade.
Use it responsibly. Small changes in security policy can have big effects on how your system behaves and who can access what.
Frequently Asked Questions
Can I open secpol.msc without administrator rights?
No. You need an administrator account to open and use Local Security Policy. Standard user accounts will either get an access denied error or the tool will open with no ability to make changes. Always run it from an admin account.
Does secpol.msc work on Windows 11?
Yes. secpol.msc works on Windows 11 Pro, Enterprise, and Education editions. The interface looks slightly updated compared to Windows 10 but all the same settings and categories are present. The methods to open it are identical.
Will changes in secpol.msc affect all users on the machine?
Most settings apply machine-wide, meaning they affect all user accounts on that computer. Some settings under User Rights Assignment are specific to which groups or accounts you assign them to. Always review who a setting applies to before saving it.
How do I reset Local Security Policy to default?
Open Command Prompt as administrator and run secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose. This restores all local security policy settings to Windows defaults. Be careful, as this will undo any custom configurations you have made.
Is secpol.msc the same as Group Policy?
Not exactly. secpol.msc is a subset of Group Policy focused only on security settings. Group Policy Editor (gpedit.msc) covers a much wider range of system settings including desktop behavior, software restrictions, and network settings. secpol.msc is faster and simpler when you only need to manage security rules.
