If you belong to the comparatively small group of users who use Windows in the Pro edition, then be careful: your operating system has more functions than you probably know and use. It is widely known that Windows Pro, in contrast to Windows Home (in Windows 8, “Home” is called “Core”), includes full Bitlocker drive encryption. In addition, the Group Policy Editor (gpedit.msc) is reserved for Windows Pro. And – drum roll! – For example, a gpedit.msc-related utility lies dormant in Windows 10/11 Pro: “Secpol”. You call up the on-board tools by pressing Windows-R and the command secpol.msc Enter. “Secpol” is not available under Windows Home/Core. Anyone who would try to call it using the Win-R/Run dialog window would be confronted with an error message. If necessary, to query the operating system used, enter “winver” in the Win-R environment. The Winver on-board tool that pops up will then inform you whether your machine is running Windows 10 Pro, Windows 11 Home or Windows 7 Ultimate. The latter OS also contains “Secpol”.
Windows 11 license for 14.90 euros
Get a license key for Windows 11 from Lizensio – for 14.90 instead of 145 euros (Home) or instead of 259 euros (Pro). You save up to 94 percent compared to the RRP!
What is Secpol? That’s what lies behind it
“Secpol” also operates under the name LSP, the acronym stands for Local Security Policy. This is what “Secpol” would be called if you were to run it in an English-language Windows operating system; see the title bar for a corresponding installed OS. When it comes to the user interface, “Secpol” is structured similarly to gpedit.msc. While you use the latter group policy editor to change all kinds of Windows settings, you use “Secpol” to intervene in security-related matters. There is no need to make system adjustments manually using the registry editor “regedit.exe” or automatically using batch scripts.
What Gpedit and “Secpol” have in common is that you can find various system tweaks (settings change options) in a graphical user interface and activate and deactivate them with mouse clicks. Regedit is more cryptic. All three on-board programs are nested.
How to use secpol.msc: Tips for securing Windows with the tool
The powerful on-board tool “Secpol” usually sails under the radar. If you want to administer your operating system, simply wake it up by calling the RAM. Afterwards, it’s time to go on a discovery tour (or follow instructions published online using the tool).
Photo: COMPUTER BILD
It is advisable to explore “Secpol”: If you have a suitable operating system, click through this environment. With just a few mouse interactions, you can call up the areas that seem interesting to you, read the associated descriptive texts and intervene where appropriate.
Define minimum length for passwords
Under “Account Policies > Password Policies” you will find the reference “Minimum password length”. If you double-click at this point, a window opens in which you can define a number for the minimum number of characters for new user account passwords.
Change the UAC level and thus (de)activate the secure desktop
Since Windows Vista, Microsoft operating systems have included user account control. It prevents unwanted system modifications and, for this purpose, displays a warning message when software is administratively loaded into RAM. Since Windows 7, the protection function, also known as UAC, has had different levels. Ex works it works at the second highest of four possible levels. Here, the UAC already uses the so-called secure desktop for its warning pop-ups that can be confirmed or denied. Other programs can no longer be used until you have clicked away the UAC annoyances (system modal window – apart from that, hardly any window in Windows is now so attention-grabbing – “system modal”).
You can regulate whether the secure desktop should be used or not in the UAC configuration dialog that has existed since Windows 7 and is internally referenced as “userAccountControlSettings.exe”. Furthermore, you model this in “Secpol”: It is possible to switch down one level from the second highest UAC level and thus deactivate the secure desktop. If you want to do this, click on “Local Policies > Security Options > User Account Control: Switch to secure desktop when prompted for elevated rights” in the “Secpol” GUI/interface. In the window that pops up you can set “Activated” or “Deactivated”.
