Ok, the Domain Security Policy and the Default Domain Policy GPO has me confused.
I've read conflicting things about where password policy should be applied. I have ALWAYS defined my password policy and Account lockout policies via the Domain Security Policy snap in. I never even use the Default Domain Policy GPO.
I do all of my other settings via GPOs on OUs.
Is this normal practice?
Which takes precedence? The DOMAIN SECURITY POLICY? or the DEFAULT DOMAIN POLICY GPOy?