Local Security Policy overview

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Local security policy overview

A security policy is a combination of security settings that affect the security on a computer. You can use your local security policy to edit account policies and local policies on your local computer.

With the local security policy, you can control:

  • Who accesses your computer.

  • What resources users are authorized to use on your computer.

  • Whether or not a user or group's actions are recorded in the event log.

How policy is applied to a computer that is joined to a domain

If your local computer is joined to a domain, you are subject to obtaining security policy from the domain's policy or from the policy of any organizational unit that you are a member of. If you are getting policy from more than one source, then any conflicts are resolved in this order of precedence, from highest to lowest:

  • Organizational unit policy

  • Domain policy

  • Site policy

  • Local computer policy

When you modify the security settings on your local computer using the local security policy, then you are directly modifying the settings on your computer. Therefore, the settings take effect immediately, but this may only be temporary. The settings will actually remain in effect on your local computer until the next refresh of Group Policy security settings, when the security settings that are received from Group Policy will override your local settings wherever there are conflicts. The security settings are refreshed every 90 minutes on a workstation or server and every 5 minutes on a domain controller. The settings are also refreshed every 16 hours, whether or not there are any changes.

For more information, see Local Security Policy.