Export (0) Print
Expand All
4 out of 5 rated this helpful - Rate this topic

Best practices for Security Settings

Updated: January 21, 2005

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Be cautious when creating new policies

  • Always test a newly-created policy on a test computer before applying it to your network.

Be aware that more than one policy can be applied to a computer

  • Because of this, there can be conflicts in security policy settings. The order of precedence from highest precedence to lowest precedence is:

    1. Organizational unit

    2. Domain

    3. Local computer

    For more information, see Applying security settings.

  • You can use Resultant Set of Policy to find out what policies apply to a certain computer. For more information , see Resultant Set of Policy.

Keep in mind that there can only be one account policy in a domain: the Default Domain Policy

For more information, see Account and local policies.

Apply templates appropriately

  • Do not apply the Compatible template to Domain Controller computers. For example, do not import the Compatible template to Default Domain Policy or Default Domain Controller Policy.

  • Do not apply the Setup security template through Group Policy.

Use the correct tools for configuring local policy

  • For local security policy, use the Local Security Policy shortcut for editing and fine-tuning security policy. Use Security Templates to create a local policy and then use Security Configuration and Analysis to apply the policy.

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.