Describes best practice for using the Default Domain Policy.
Be careful when you configure the settings in the Default Domain Policy. Every setting you configure in this GPO applies to every user and computer account in the domain unless these settings are overwritten by other domain GPOs having higher precedence or by GPOs linked to OUs. In particular, settings you configure in the Default Domain Policy will apply to your domain controllers unless they are overwritten by settings in the Default Domain Controllers Policy.
Moral of the story is: go ahead and configure account policies in the Default Domain Policy, but don’t configure any other settings in this GPO or in any GPOs linked to the domain.
About Mitch Tulloch
Mitch Tulloch was lead author for the Windows Vista Resource Kit from Microsoft Press, which is the book for IT pros who want to deploy, maintain and support Windows Vista in mid- and large-sized network environments. Mitch was also the author of Introducing Windows Server 2008 and technical project lead for the Microsoft Office Communications Server 2007 Resource Kit, both books also from Microsoft Press. For more information on these and other books by Mitch, see www.mtit.com .
Article not looking right or info is missing? Let us know so that we can fix it: .
