Should our corporate policy be to never edit the default domain policy?
Posted on 2008-10-15
Hi. I am looking for some direction in determining our corporate policy on if we will ever edit the default domain policy in our server 2003 active directory domain.
Right now I have inherited a AD setup in which the former administrator made all of his group policy changes through the default domain policy. Is this recommended? We have had numerous issues where this has negatively effected things. Is it best practice to do ANYTHING in the default policy? I thought of maybe using it to control passwords, but i cannot think of any other legitimate reason to use the default policy.
What do others do with their default domain policy? Should we not use it? I will award points for the most/best information that can be supplied.