The diference between secpol.msc and gpedit.msc

webmaster's picture

Whenever you make changes in start-program-A.tools-Local security policy,  e.g. in a/c policy settings, you found the same settings reflect to groupsecurity policy gpo. i.e. Group security policy gpo inherits from local security policy.  But if i edit group gpo,  the "local security policy" does not change. What is the relation between gpedit.msc & secpol.msc

Gpedit.msc and secpol.msc both are tools for administering system and security policies on your computer. The difference between the gpedit.msc and secpol.msc is most visible on the scope of policies which those tools can edit. To start explaining the difference, we can say that the secpol.msc is a subcategory of gpedit.msc.

What is gpedit.msc?

Gpedit.msc is a file name for the Group Policy Editor console. The Group Policy Editor console is mostly a graphical user interface for editing registry entries. Editing registry entries manually is not very easy because they are located at many places throughout computer registry. The gpedit.msc tool makes the administration of registry easier.

Registry settings (or more precisely their collections) are known as policies thus the name Group Policy Editor. Policies are used to write to a special key of the registry and override any settings elsewhere in the registry. Group policies are stored in a special hidden folder


Your SystemRoot is most likely C:\Windows or C:\WinNT. Policies that apply to the computer are stored in a sub-folder named Machine and policies that apply to users are stored in a sub-folder called User. The file that holds your settings is named Registry.pol in both cases.

What is secpol.msc?

Secpol.msc is another Windows module that is also used for administration of system settings. Secpol.msc or Local Security Policy Editor in layman's terms is a smaller brother to the Group Policy Editor. The secpol.msc is used to administer a subgroup of what you can administer using the gpedit.msc.

While group policies apply to your computer and users in your domain universally (see the Active Directory page for more details about domains) and are often set by your domain administrator from a central location, local security policies, as the name suggests, are relevant to your particular local machine only. The picture below illustrates the difference:


Centro Práctico - LEMUR SOLUTION