The Local Security Policy is a roster of security settings that you can use to configure Windows for stronger security than the standard Control Panel options allow.
The security settings that you can change through the Local Security Policy include options to enforce password rules. For example, you can tell Windows to lock users out if they cannot type the correct account password within three attempts, as outlined here. Other password options that enable you to strengthen system security include Minimum Password Length and Password Must Meet Complexity Requirements.
1 Click Start.
2 Type local security policy in the Search box.
The Start menu displays a list of programs that match what you typed.
3 Click the Local Security Policy link in the Start menu.
Note: If prompted, type the administrator password or click Continue.
The Local Security Policy window opens
4 Double-click Account Policies.
5 Double-click Account Lockout Policy.
6 Double-click Account Lockout Threshold.
• The Account Lockout Threshold Properties dialog box opens.
7 Using the spin box, specify how many invalid logon attempts must occur for Windows to lock out the user.
8 Click OK.
• The Suggested Value Changes dialog box opens, indicating other settings that will be adjusted to accommodate the change (here, Account Lockout Duration and Reset Lockout Counter After).
9 Click OK.
Tips
More Options!
To access the Minimum Password Length and Password Must Meet Complexity Requirements settings, open the Local Security Policy window, double-click Account Policies, and double-click Password Policy. Other available settings include Enforce Password History, which prevents users from re-using old passwords for a specified period of time, and Maximum Password Age, which specifies the maximum number of days a user can employ the same password.
More Options!
In addition to changing password-related settings, the Local Security Policy also enables you to configure audit policy settings such as Audit Account Management (this enables you to determine whether someone changed an account name, changed a password, and so on), Audit Logon Events (this reveals whether someone has logged on to your computer), and more. To view the logs of any policies you have audited, use Event Viewer.
