What is the difference between gpedit.msc and secpol.msc?
Gpedit.msc and secpol.msc are both tools for administering system and security policies on your computer. The difference between them is most visible in the scope of policies each tool can edit. As a starting point, secpol.msc can be thought of as a subcategory of gpedit.msc.
What is gpedit.msc?
Gpedit.msc is the name of a Windows module, or tool, that is used to administer or modify group policies. See the Group policy (Windows) page for more details.
Gpedit.msc is the file name of the Group Policy Editor console. The Group Policy Editor console is mostly a graphical user interface for editing registry entries. Editing registry entries manually is not very easy because they are located in many places throughout the computer's registry. The gpedit.msc tool makes administering the registry easier.
Registry settings (or more precisely their collections) are known as policies, hence the name Group Policy Editor. Policies are written to a special key of the registry and override any settings elsewhere in the registry. Group policies are stored in a special hidden folder:
%SystemRoot%\System32\GroupPolicy\
Your SystemRoot is most likely C:\Windows or C:\WinNT. Policies that apply to the computer are stored in a sub-folder named Machine and policies that apply to users are stored in a sub-folder called User. The file that holds your settings is named Registry.pol in both cases.
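To audit what a Registry.pol file like the ones described above actually sets, the following added example (not code from the original page) parses the layout Microsoft documents for the file: a `PReg` signature and version 1, followed by UTF-16LE `[key;value;type;size;data]` records. The sample bytes are constructed, `ExampleCaption` is a hypothetical value name, and all function names are assumptions of this example.

```python
import struct

# "PReg" + DWORD version 1, then UTF-16LE records [key;value;type;size;data].
HEADER = b"PReg" + struct.pack("<I", 1)
REG_TYPES = {1: "REG_SZ", 2: "REG_EXPAND_SZ", 3: "REG_BINARY", 4: "REG_DWORD"}
SEP = ";".encode("utf-16-le")

def _expect(buf, pos, ch):
    if buf[pos:pos + 2] != ch.encode("utf-16-le"):
        raise ValueError(f"expected {ch!r} at offset {pos}")
    return pos + 2

def _read_wstr(buf, pos):
    """Read a NUL-terminated UTF-16LE string; return (text, next offset)."""
    end = pos
    while buf[end:end + 2] != b"\x00\x00":
        if end + 2 > len(buf):
            raise ValueError("unterminated string")
        end += 2
    return buf[pos:end].decode("utf-16-le"), end + 2

def parse_registry_pol(buf):
    """Return [(key, value, type_name, data)] for every record in buf."""
    if buf[:8] != HEADER:
        raise ValueError("bad Registry.pol signature or version")
    pos, entries = 8, []
    while pos < len(buf):
        key, pos = _read_wstr(buf, _expect(buf, pos, "["))
        value, pos = _read_wstr(buf, _expect(buf, pos, ";"))
        pos = _expect(buf, pos, ";")
        if pos + 12 > len(buf):
            raise ValueError("truncated type/size fields")
        rtype, s1, size, s2 = struct.unpack_from("<I2sI2s", buf, pos)
        data = buf[pos + 12:pos + 12 + size]
        if s1 != SEP or s2 != SEP or len(data) != size:
            raise ValueError(f"malformed record for {key}\\{value}")
        pos = _expect(buf, pos + 12 + size, "]")
        if rtype == 4 and size == 4:          # REG_DWORD -> int
            data = struct.unpack("<I", data)[0]
        elif rtype in (1, 2):                 # strings -> text without the NUL
            data = data.decode("utf-16-le").rstrip("\0")
        entries.append((key, value, REG_TYPES.get(rtype, rtype), data))
    return entries

def _record(key, value, rtype, data):  # serializer for the constructed sample only
    return (f"[{key}\0;{value}\0;".encode("utf-16-le")
            + struct.pack("<I2sI2s", rtype, SEP, len(data), SEP) + data + "]".encode("utf-16-le"))

KEY = r"Software\Microsoft\Windows\CurrentVersion\Policies\System"  # constructed sample
SAMPLE = (HEADER + _record(KEY, "DisableTaskMgr", 4, struct.pack("<I", 1))
          + _record(KEY, "ExampleCaption", 1, "Authorized use only\0".encode("utf-16-le")))
```

On a real machine, pass the bytes of the Registry.pol file from the Machine or User sub-folder to `parse_registry_pol` instead of `SAMPLE`.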
See the How to edit group policy page for more details about how to edit group policies.
What is secpol.msc?
Secpol.msc is another Windows module that is also used for administration of system settings. Secpol.msc, or the Local Security Policy Editor, is in layman's terms a smaller brother of the Group Policy Editor. Secpol.msc is used to administer a subset of what you can administer using gpedit.msc.
While group policies apply to your computer and users in your domain universally (see the Active Directory page for more details about domains) and are often set by your domain administrator from a central location, local security policies, as the name suggests, are relevant to your particular local machine only. The picture below illustrates the difference:
You can see that when opening the Group Policy Editor (gpedit.msc), you get to see more than when opening the Local Security Policy Editor (secpol.msc), and that is the major difference. Gpedit.msc is broader. Secpol.msc is narrower and focuses more on security-related registry entries.
Gpedit and secpol in Windows XP/Vista HOME Edition?
Neither GPEDIT.MSC nor SECPOL.MSC is available in Windows XP Home Edition, Windows Vista Home Edition or Windows Vista Home Premium Edition. This is because these versions of Windows cannot join a domain by design.
You think this is really bad, right? Both the Group Policy Editor and the Security Policy Editor were designed to be used in an enterprise environment running Active Directory. These tools are just easier ways of making registry entries. Most settings that can be set using secpol.msc, gpedit.msc, and other tools are just plain registry settings. So, if you are missing gpedit.msc and secpol.msc on your computer, you can always edit the registry using the Regedit tool.
This is the place in the registry where you can find policy settings that would be modified using gpedit.msc or secpol.msc:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
Registry keys related to policies are spread across many places in the registry. This is another place where many policies can be found:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
However, be aware that editing the registry incorrectly can make your system unstable or even unable to start. Proceed carefully when updating the registry.
The following articles can help you with your gpedit ideas.
Disable autorun autoplay via group policy
Disable Task Manager through group policy
Enable Ctrl+Alt+Delete logon screen using group policy
Allow shared folders to be published group policy
Allow DFS roots to be published group policy
Group policy configuration