Windows 8's Local Security Policy Editor

Gpedit has a little sister called Secpol in Windows 8. Secpol controls the security subset of local group policies.

Windows 8 Group Policy Strategy

If you have Active Directory then you don't need Secpol because you can use the GPMC (Group Policy Management Console) on the domain controller. However, if you are checking or configuring security settings on a Windows 8 computer in a Workgroup or HomeGroup then you need the Local Security Editor - secpol.msc.

Launch Windows 8 Secpol.msc

When you want change a security setting this is how you launch the Local Security Policy Editor.

1. Click on the Start orb, and in the search dialog box type: secpol.msc
   Note: Remember to type the .msc file extension, otherwise Windows 8 can't find the snap-in.
2. When secpol.msc appears in the search results, consider creating a shortcut by right-clicking and choosing either 'Pin to Taskbar', or 'Pin to Start Menu'.
3. Navigating through the security settings is as easy as finding files and folders with Windows Explorer.

Types of Group Policy Settings

To get a feel of this snap-in, the most interesting policies are under the Security folder - see screenshot.

However there are also policies for other aspects of security, for example: passwords, networks, auditing, and settings the Windows Firewall.

Problem: Cannot Find the Windows 8 Secpol.msc

A common problem is that even though you type precisely secpol.msc, Windows 8 cannot find secpol.msc. The most likely cause is that you have the Home Premium edition. It's most disappointing that you only get secpol.msc in the Ultimate, Professional (old Business) and Enterprise editions, and not in the Windows 8 Home Premium or Basic editions.

Another common problem is that you forget to type the .msc file extension. Windows 8 cannot find secpol unless you append the .msc file extension.

Other your problem launching the group policy editor could be a plain typo, you type seckpl.mcs or some other anagram of secpol.msc. Another troubleshooting technique is to try typing 'gpedit.msc' and use the 'big brother'.

Windows 8 Secpol Case Study

How To Stop Idiots Remotely Shutting Down Computers

Scenario
You have an immature person on your network who thinks it's funny to keep shutting down other people's machines by abusing 'Shutdown -s'.

Solution: configure a security policy to prevent 'Force Shutdown From a Remote Machine'.

Launch GPMC or SECPOL.MSC
Navigate to Local Policies, User Rights Assignment.
Seek 'Force shutdown from remote system'.

Experiment by assigning just your account, rather than all administrators.

Storing Microsoft's Windows 8 Group Policies

Windows 8 Group Policies, created by secpol.msc are stored in a special hidden folder
%SystemRoot%\System32\GroupPolicy\

Actually there are two sub-folders where you will find the registry.pol files:
..\GroupPolicy\Machine and ...\GroupPolicy\User. The names of these files remind us that virtually all group policy settings affect settings in the registry.

Incidentally, the environment variable %SystemRoot% usually translates to C:\Windows.

Summary of Windows 8 Secpol.msc - Local Group Policy Editor

Microsoft supplies a Local Policy Editor so that you can change security settings without resorting to regedit. If you are already familiar with gpedit.msc or GPMC, then secpol.msc is a subset.

If you are troubleshooting why secpol.msc does not seem to exist in your copy of Windows 7, then the reason is probably that you have the Home Premium version; unfortunately you need to upgrade, or else try another machine that does have the Ultimate Edition.

Guy Thomas is a computer consultant and writer with attitude and a great sense of humor.