Security Policy Settings Reference

Updated: October 18, 2012

Applies To: Windows 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Vista

This security settings reference provides information about how to implement and manage security policies, including setting options and security considerations. Applicable operating system versions are listed on each policy setting description.


This reference focuses on those settings that are considered security settings. This reference examines only the settings and features in the Windows operating systems that can help organizations secure their enterprises against malicious software threats. Management features and those security features that are not configurable by administrators are not described in this reference.

Each policy setting described contains referential content such as a detailed explanation of the settings, best practices, default settings, differences between operating system versions, policy management considerations, and security considerations that include a discussion of vulnerability, countermeasures, and potential impact of those countermeasures.

For each grouping of policies, an overview topic describes the general use and implementation of those policies and provides links to related topics.

The information that is provided within this reference should help you and members of your organization understand the implementation and countermeasures for security policies that are available in the named versions of the Windows operating system.

Contents of this guide

This guide consists of the following sections that contain descriptions of the settings that you should consider while planning the security policy for your organization.

Account Policies

This section discusses the settings that are applied at the domain level: password policies, account lockout policies, and Kerberos authentication protocol policies.

Audit Policy

This section provides information about the security audit policy settings under Security Settings\Local Policies\Audit Policy that provide broad security audit capabilities for client computers and servers that cannot use advanced security audit policy settings.

Security Options

This section provides guidance about how to configure the variety of settings specific to security on the local computer:

  • Accounts

  • Audit

  • DCOM

  • Devices

  • Domain controller

  • Domain member

  • Interactive logon

  • Microsoft network client

  • Microsoft network server

  • Network access

  • Network security

  • Recovery console

  • Shutdown

  • System cryptography

  • System objects

  • System settings

  • User Account Control

Advanced Security Audit Policy Settings

This section provides information about advanced security audit policy settings, which allow administrators to use audit policies to help monitor and enforce business rules.

User Rights Assignment

This section provides information about the User Rights Assignment security policy settings that are available in the Windows operating system.
