Why you don't edit the Default Domain Policy

In case you don't know, Microsoft doesn't recommend editing any of the default policies. There is a very good reason for it, too. Amazing things can happen and break when you assign user rights on servers via GPO.

Watch me rack my brain and bang my head against a wall with an Exchange installed turned IIS issue turned default domain policy issue.

http://forums.thelazyadmin.com/viewtopic.php?t=296