Default domain policy

P

Pete

Hi there,
we've just created a new default domain policy because ours became corrupt
(we used a tool called 'RecreateDefPol.exe').

We're not going to alter this policy as I've read that it's not good
practice to do so. Anyway, we've put a link to the policy at the domain
level so that it looks like it did when the domain was first installed.

What I want to know is, if we don't alter the policy is there any point in
running it? Should we disable it or better still just take out the link to
it?

Advice appreciated
Thanks
Pete
 
C

Curtis Clay III [MSFT]

It is recommended that you create an new GPO if there are nay changes you
want to implement that are not already presernt in the defualt domain
policy. If you have a reliable backup and restore plan then editing the
default GPO will not be an issue. That policy has some relevance in your
domain as shown below. Disabling it would leave you at the mercy of all the
local machine policies (workstation) on your domain. No centralized control
of your domain security.

226243 HOW TO: Reset User Rights in the Default Domain Group Policy
http://support.microsoft.com/?id=226243
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Default Domain Policy 2003 7
Default domain policy is corrupt! help 3
2003 Group Policy Default Domain Policy 2
local security policy does not get applied 2
password local policy in domain 2
When to use default domain controllers policy? 1
Default domain policy 6
Default Domain Controllers Policy 8

Top