Caution with Default Domain Policy

by Mitch Tulloch [Published on 25 May 2005 / Last Updated on 25 May 2005]

Describes best practice for using the Default Domain Policy.

Be careful when you configure the settings in the Default Domain Policy. Every setting you configure in this GPO applies to every user and computer account in the domain unless these settings are overwritten by other domain GPOs having higher precedence or by GPOs linked to OUs. In particular, settings you configure in the Default Domain Policy will apply to your domain controllers unless they are overwritten by settings in the Default Domain Controllers Policy.


Moral of the story is: go ahead and configure account policies in the Default Domain Policy, but don’t configure any other settings in this GPO or in any GPOs linked to the domain.

See Also

The Author — Mitch Tulloch

Mitch Tulloch is a well-known expert on Windows Server administration and cloud computing technologies. He has published over a thousand articles on information technology topics and has written, contributed to or been series editor for over 50 books.

Featured Links