Best practices for Security Settings
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
- Always test a newly-created policy on a test computer before applying it to your network.
Because of this, there can be conflicts in security policy settings. The order of precedence from highest precedence to lowest precedence is:
Organizational unit
Domain
Local computer
For more information, see Applying security settings.
You can use Resultant Set of Policy to find out what policies apply to a certain computer. For more information , see Resultant Set of Policy.
For more information, see Account and local policies.
Do not apply the Compatible template to Domain Controller computers. For example, do not import the Compatible template to Default Domain Policy or Default Domain Controller Policy.
Do not apply the Setup security template through Group Policy.
- For local security policy, use the Local Security Policy shortcut for editing and fine-tuning security policy. Use Security Templates to create a local policy and then use Security Configuration and Analysis to apply the policy.