Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
Export (0) Print
Expand All

Best practices for Security Settings

Updated: January 21, 2005

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Be cautious when creating new policies

  • Always test a newly-created policy on a test computer before applying it to your network.

Be aware that more than one policy can be applied to a computer

  • Because of this, there can be conflicts in security policy settings. The order of precedence from highest precedence to lowest precedence is:

    1. Organizational unit

    2. Domain

    3. Local computer

    For more information, see Applying security settings.

  • You can use Resultant Set of Policy to find out what policies apply to a certain computer. For more information , see Resultant Set of Policy.

Keep in mind that there can only be one account policy in a domain: the Default Domain Policy

For more information, see Account and local policies.

Apply templates appropriately

  • Do not apply the Compatible template to Domain Controller computers. For example, do not import the Compatible template to Default Domain Policy or Default Domain Controller Policy.

  • Do not apply the Setup security template through Group Policy.

Use the correct tools for configuring local policy

  • For local security policy, use the Local Security Policy shortcut for editing and fine-tuning security policy. Use Security Templates to create a local policy and then use Security Configuration and Analysis to apply the policy.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

© 2015 Microsoft