Account Policies

• The Domain Security Policy can control the behavior of various user account attributes. These include password, lockout and Kerberos, which is related to authentication for remote access.
  
  

Local Policies

• The Domain Security Policy has settings available for local-level security. These include auditing and user rights but also extend to granular options such as system services, the registry, the file system and event log.
  
  

Editing

• The Domain Security Policy is edited with the Group Policy Editor, which is used for all group policy objects. This can be accessed on the "Group Policy" tab of the properties of the respective domain object, in the "Active Directory Users and Computers" section of "Administrative Tools."
  
  

Precedence Hierarchy

• The Domain Security Policy has the second-highest priority in terms of application precedence. It takes priority over and will overwrite Local and Site policies, but can be superseded by Organizational Unit policies.