MyLab: Group Policy Objects

Overview

This post will contain a listing of Group Policies, in no particular order, that I like to set up. For reference, I generally follow C_ for computer objects and U_ for user objects. If there is a policy that applies to both, I will use CU_.

I like to get these built before I add computer objects to the domain, but sometimes that does not happen. If you add a computer object before a policy is created, you can wait for the policy to apply on its default refresh schedule, reboot the computer or server twice (once to obtain the policy and once to apply it), or force an update by running gpupdate on the new computer or server.

Open Group Policy Management

All Group Policies are configured using the Group Policy Management Microsoft Management Console (gpmc.msc).

Open Group Policy Management and navigate to the Group Policy Objects under the domain.

Ensure the policy gets applied to the correct OU. Also, ensure that a policy affecting Users is applied to an OU containing Users and a policy affecting Computers is applied to an OU containing Computers. See the next section for the Loopback policy where the application rules can be altered.

Loopback Policy

The Loopback Policy changes how user policies are processed so that only the location of the computer object, not the user object, determines which user settings apply. This policy only needs to be configured once, and it affects the processing of all the other policies.

Ref: https://learn.microsoft.com/en-us/troubleshoot/windows-server/group-policy/loopback-processing-of-group-policy

Windows Defender Firewall with Advanced Security Policy

I choose to use the Windows Defender Firewall with Advanced Security and configure its use with Group Policy. A few things I configure are basic, like allowing Windows Remote administration (Remote Service Management), Remote Desktop services, and ICMP (File and Printer Sharing).

Remote Desktop Services

Minimally, I configure Remote Desktop Services to be enabled and require Network Level Authentication (NLA). Same as above, don't forget to apply the policy to the correct OU.
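The three policies above (loopback, firewall rules, and Remote Desktop with NLA) can also be built from PowerShell instead of clicking through gpmc.msc. This is an added example, not part of the original post: it assumes the GroupPolicy and NetSecurity modules (RSAT) on a domain-joined admin host, and the domain name, OU path and GPO names are placeholders.

```powershell
# Added example (not from the original post). Placeholders: domain "lab.local",
# OU "OU=Servers,DC=lab,DC=local", GPO names using the post's C_ prefix.
Import-Module GroupPolicy
Import-Module NetSecurity

$Domain   = 'lab.local'
$TargetOU = 'OU=Servers,DC=lab,DC=local'   # the OU that holds the computer objects

function New-LabGpo {
    param([string]$Name, [string]$Comment)
    $gpo = Get-GPO -Name $Name -Domain $Domain -ErrorAction SilentlyContinue
    if (-not $gpo) { $gpo = New-GPO -Name $Name -Domain $Domain -Comment $Comment }
    # Computer policies must be linked where the computer objects live.
    New-GPLink -Name $Name -Domain $Domain -Target $TargetOU -LinkEnabled Yes -ErrorAction SilentlyContinue | Out-Null
    return $gpo
}

# 1) Loopback processing: user settings follow the computer's OU. 1 = Merge, 2 = Replace.
New-LabGpo -Name 'C_Loopback' -Comment 'User GPO loopback processing' | Out-Null
Set-GPRegistryValue -Name 'C_Loopback' -Domain $Domain `
    -Key 'HKLM\Software\Policies\Microsoft\Windows\System' `
    -ValueName 'UserPolicyMode' -Type DWord -Value 1 | Out-Null

# 2) Remote Desktop: allow connections but require Network Level Authentication.
New-LabGpo -Name 'C_RemoteDesktop' -Comment 'Enable RDP with NLA' | Out-Null
$tsKey = 'HKLM\Software\Policies\Microsoft\Windows NT\Terminal Services'
Set-GPRegistryValue -Name 'C_RemoteDesktop' -Domain $Domain -Key $tsKey `
    -ValueName 'fDenyTSConnections' -Type DWord -Value 0 | Out-Null
Set-GPRegistryValue -Name 'C_RemoteDesktop' -Domain $Domain -Key $tsKey `
    -ValueName 'UserAuthentication' -Type DWord -Value 1 | Out-Null

# 3) Firewall: copy the predefined inbound rules from the local store into the GPO.
#    For "File and Printer Sharing" only the ICMP echo rules are copied, since ping is
#    all the post wants from that group; SMB/NetBIOS stay closed.
New-LabGpo -Name 'C_Firewall' -Comment 'Inbound rules for remote management' | Out-Null
$gpoStore = "$Domain\C_Firewall"
$ruleSets = @{
    'Remote Service Management' = '*'
    'Remote Desktop'            = '*'
    'File and Printer Sharing'  = '*Echo Request*'
}
foreach ($group in $ruleSets.Keys) {
    Get-NetFirewallRule -DisplayGroup $group -Direction Inbound -PolicyStore PersistentStore |
        Where-Object DisplayName -like $ruleSets[$group] |
        Copy-NetFirewallRule -NewPolicyStore $gpoStore
    Enable-NetFirewallRule -DisplayGroup $group -PolicyStore $gpoStore
}
Set-NetFirewallProfile -All -Enabled True -PolicyStore $gpoStore   # enforce on every profile

# On a target host afterwards (instead of two reboots): gpupdate /force ; gpresult /r /scope computer
```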

