Local GPO on non-domain-joined Windows 10

I'm trying to get some clarification on how local GPOs work on Window 10. According to Microsoft's Configure Security Policy Settings page

You must have the appropriate permissions to install and use the Microsoft Management Console (MMC), and to update a Group Policy Object (GPO) on the domain controller to perform these procedures.

The impression I get from this is that a domain policy is necessary. Otherwise, why would an admin need domain permissions?

The computer in question is not joined to a domain. Will the local GPO still be applied or does it depend on a domain-level policy before the local policy can take effect?


You must have Administrators rights on the local device, or you must have the appropriate permissions to update a Group Policy Object (GPO) on the domain controller to perform these procedures.

That paragraph (and the one you quoted) doesn't make a very clear distinction between the two scenarios and could leave some people to assume that both conditions need to be met.

If you're doing this on a computer that is not domain joined (as in your case) then you need local Administrators rights on the computer in question. No Domain rights are needed or required (naturally because the computer isn't domain joined.

Log onto the computer with a user account that is a member of the local Administrators security group and launch the local Group Policy editor to make your desired changes. Changes you make will be applied to the computer.