I have custodianship of a 2003/XP domain system that was put together by a team, the GPO portion of which was given to the single team member who had no experience or qualification to put it together. We haven’t had the luxury of taking it apart to even look at GP in any depth to straighten out some idiosyncracies.
A tech refresh of the servers is underway. We’re going Hyper-V (2012) VMs (2008R2), and because of the existing questions of stability, we’re building the replacement domain up from scratch, including GP, rather than allowing the new DCs to inherit anything from the old.
We’ve found that the old default domain policy is almost 1-for-1 with settings vs the default domain controller policy. Since there aren’t any differences in settings, is there a technical reason to have both policies reinforcing the same things?