Group policies in Windows are one of the most used and key tools in effectively managing a domain environment. It provides the administrator with many options, starting from to automating certain tasks to allow/deny certain options. Many administrator use group policies to standardize the operating environment within the domain.
By default in an Active Directory environment one could see two different type of group policies.
Default Domain Controllers Policy
Default Domain Policy
The default domain controllers policy is used to enforce and set policies to all the domain controllers within the domain environment. This is a way to enforce proper security as well as set the necessary options to all domain controllers within the environment. By default the, the default domain controllers policy is applied to the Domain controllers OU within the Active Directory.
The default domain policy is used to apply policies to al sort of objects under the domain. This is applicable to all objects and OU’s by default.
As a best practice, Microsoft recommends to leave both the default domain controllers policy and the default domain policy as it is and create new policies as required for the organization purpose.