Hi All,
When we were designing our Win 2003 AD about this time last year, we were advised by our MCS consultant to copy the default domain and default domain controller policies, and then customise, rather than customising the default ones themselves. Subsequently now we are in production, we have had a small DNS zone transfer problem which we escalated to Microsoft and the response from the engineer included a change to the "Manage auditing and security log" policy on the DCs.. No problem.. But he then went on to say
"Looking at the policy setup it could be either as I notice that the default domain controller policy is disabled and replaced with a home grown one. (As an aside that definitely not best practice - the two default policies have well know GUIDs and some security mechanisms rely on writing effective settings to those policies.)"
I was wondering if anyone had any comments on that - as I thought we were doing the right thing - but I can't find any documentation to back up why we were doing it...
Regards
Stephen Wilkinson
Tel +44(0)207 4759276
Mobile +44(0)7973 143970
E-Mail: [EMAIL PROTECTED]
--------------------------------------------------------------------------------
The information contained herein is confidential and is intended solely for the
addressee. Access by any other party is unauthorised without the express
written permission of the sender. If you are not the intended recipient, please
contact the sender either via the company switchboard on +44 (0)20 7623 8000, or
via e-mail return. If you have received this e-mail in error or wish to read our
e-mail disclaimer statement and monitoring policy, please refer to
http://www.drkw.com/disc/email/ or contact the sender.
--------------------------------------------------------------------------------
