Default domain policy



Hi there,
we've just created a new default domain policy because ours became corrupt
(we used a tool called 'RecreateDefPol.exe').

We're not going to alter this policy as I've read that it's not good
practice to do so. Anyway, we've put a link to the policy at the domain
level so that it looks like it did when the domain was first installed.

What I want to know is, if we don't alter the policy is there any point in
running it? Should we disable it or better still just take out the link to

Advice appreciated



Curtis Clay III [MSFT]

It is recommended that you create an new GPO if there are nay changes you
want to implement that are not already presernt in the defualt domain
policy. If you have a reliable backup and restore plan then editing the
default GPO will not be an issue. That policy has some relevance in your
domain as shown below. Disabling it would leave you at the mercy of all the
local machine policies (workstation) on your domain. No centralized control
of your domain security.

226243 HOW TO: Reset User Rights in the Default Domain Group Policy

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads