Best practices

Use templates properly

Never edit the Setup security.inf template, since it gives you the option to reapply the default security settings.

The Setup security.inf template should never be applied through Group Policy. The Setup security.inf template should only be applied to the local computer through Security Configuration and Analysis. The Setup security.inf template is modified during installation and is unique for each computer. It contains a large amount of data and can degrade performance if is applied through Group Policy, because it periodically refreshes policy.

The Compatible template should not be applied to domain controllers. For example, do not import the Compatible template to the Default Domain or Default Domain Controller Group Policy object.

Use caution when modifying predefined templates

Instead of just modifying a predefined template, customize the predefined template and then save the changes under a different template name.

Predefined or newly-created security templates should not be applied to your computer or network without testing to ensure that the right level of application functionality is maintained.

Choose the appropriate default level of computer access

When deciding on the default level of computer access that end users will have, the determining factor is the installed base of applications that need to be supported. For more information, see Default security settings 

For more information, see Best practices for Security Configuration and Analysis and Best practices for Security Settings



© 2016 Microsoft Corporation. All rights reserved. Contact Us |Terms of Use |Trademarks |Privacy & Cookies