Hello all,

It is a real treat to have found this site. I am learning about group policy on my own. There are alot of pitfalls in doing this however. I have tons of books and virtual lab time in but still am left wondering and not to sure about things. I am preparing to edit GPO's for the security features of Windows Server 2003. I plan on enabling account lock-out and password settings as well as the audit logs. From what I have read and been told several times over is that I need to edit the default policies for some features, and create new GPO's for others. Is this true? And if so what features are recommended to be changed this way. I am very confused since I thought that simply creating new GPO's and linking them would be the better way to go. Especially in the case of needing to revert back to the 'real' default GPO's at some point in time. I guess the default GPO's could be backed up and restored. Can anyone enlighten me?? Thank you for your time.

-Michael