Local Security Policy is a part of Local Policy, it focuses on Security Policies in Windows .

- Start> type Administrative Tools>  Local Security Policy
- Start> Run> type secpol.msc 

Let's watch the video :

Part 1 :

Part 2 :

Local Policy

11:51:00 PM | 0 Comments

Policy is a rule that we apply to a computer (User and Group, also) and tell them "Do this, not do that"
For example, I don't want user A access drive C, so I set a rule to suit my need.

Local Policy, as I said before "Local" means these rules will affect locally, only to a computer which you configured .

To use Policy, we use a tool call Microsoft Management Control :
- Start > Run > type MMC (not case-sensitive)
- File > Add/Remove Snap-ins ...

Now, let's watch my video , it's more useful than words ^^ :

So, "Group Policy" Configuration file is hosted in C:/Windows/system32

Thanks for visiting my Blog, see ya later !
I) Local User Account :

- "Local" means if user A has an account on computer 1, he cannot use it to access computer 2 ... His account just only use for computer 1 .
- In a company, there many people, they do different job, most of them concern to computer . User A access computer 1 and write his report, user B also use computer 1 to prepare for her project . If both of them use the "same place" on computer 1, probably they can affect their job (A may delete B's date, or change it ...if he hates her - maybe) .

There is a solution that they use different computers, but it's not cost-effective .
So "User Account" has been created to save our money. Now, user A can be represented by an object called uA and user B -> uB . They have "different account, different place" on the same computer .

Problem Solved !

- By doing this, Administrator can easily manage users, by give them some specific rights - can & cannot do some things . For example : Admin give user A the right to access web browser, but he cannot view any pictures on Website .

LAB : I use Windows Server 2008 Enterprise , to create user, delete user ... blah blah, let's see :

II) Local Group :

In a company , there're 10 users do the same job, and have the same rights .
It's unreasonable when Admin need to do the job : "give the rights to each of them" : 10 times.
So, 10 users will join to a Group, what Admin needs to do is just give the rights to that Group .

Time-effective !

 LAB : I will create a group, join user to that group ... check it out :