In a previous post I described how I built an IT Laboratory. The challenge was to automate some settings on each server in order to deploy the entire laboratory faster. So after I installed the Domain Controller I decided to modify some of the Default Domain Policy settings in order to make my life easier :). I am going to describe below what I changed and how I did it, in a walk-through style.
To get started, open the Group Policy Management Tool, expand your Forest, then Group Policy Objects, and then right-click Default Domain Policy and click Edit.
I will group the changes into the Default Group Policy as follows:
Please navigate to Windows Settings under Computer Configuration, and then to Policies. Here expand Security Settings and then Account Policies and just click on Password Policy. Here modify the following policies to Not Defined:
- Enforce password history
- Maximum password age
- Minimum password age
Purpose: By default, all passwords in Windows 2008 Server expire in 42 days. This can be a little bit annoying in a laboratory environment.
Just navigate to Windows Settings under Computer Configuration, and then Policies. Here expand Security Settings and then click on Windows Firewall with Advanced Security. Right click the firewall entry, then click on Properties, and disable the Domain Profile Firewall state.
Purpose: To facilitate the use of other software/services such as SQL (port 1433), RDC (port 3389), etc. Please do not do this in a production environment!!!
The Shutdown Event Tracker
Navigate to Windows Settings under Computer Configuration, Policies. Here expand Administrative Templates: Policy Definitions… and then System. Here modify the following policy to Disabled:
- The Shutdown Event Tracker
Purpose: The system won’t ask you for a reason/comment every time you restart or shut down the Windows 2008/2003 Server.
Enable Remote Desktop Services
Below the System folder within the Administrative Templates: Policy Definitions… section you will find a folder called Windows Components. Expand it and then navigate through: Remote Desktop Services – Remote Desktop Session Host – Connections. Here modify the following policy to Enabled:
- Allow users to connect remotely using Remote Desktop Services
Purpose: Enable RDC.
In Windows Components, below Remote Desktop Services, navigate to the Windows Update folder and expand it. Here configure the following policy:
- Configure Automatic Updates
Here I always choose option 2 - Notify for download and notify for install. It is a laboratory and I don’t have infinite disk space.
Purpose: Configure Windows Updates.
Unfortunately there is no GP setting for this. But we have another option: tzutil.exe, a command line utility available in Windows Server 2008 and Windows 7. Use tzutil /l to see all the time zone options available on the system.
Then navigate to Windows Settings under Computer Configuration, Policies. Here expand Scripts (Startup / Shutdown) and then click on Startup. In the newly opened window click Show files.
Here you have to create a new BAT file which has to contain the following command (please replace FLE Standard Time with your time zone):
tzutil /s "FLE Standard Time"
Then just use the Add button within the Startup properties window to add the newly created file as start-up script.
Purpose: Configure Time Zone.
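A fuller version of that start-up script, as an added example that is not part of the original post: it changes the time zone only when needed, re-reads it afterwards, and logs the outcome so a mistyped time zone ID is visible after boot. The variable names and the log path are assumptions; tzutil /g prints the current time zone ID.

```batch
@echo off
rem Added example (not from the original post): start-up script that sets
rem the time zone only when it differs, verifies the change and logs it.
rem TARGET_TZ and LOGFILE are assumed values; replace them with your own.
setlocal
set "TARGET_TZ=FLE Standard Time"
set "LOGFILE=%SystemRoot%\Temp\set-timezone.log"

rem Read the current time zone ID.
set "CURRENT_TZ="
for /f "delims=" %%T in ('tzutil /g') do set "CURRENT_TZ=%%T"

if /i "%CURRENT_TZ%"=="%TARGET_TZ%" (
    >>"%LOGFILE%" echo %DATE% %TIME% already "%TARGET_TZ%", nothing to do
    exit /b 0
)

rem Apply the new time zone.
tzutil /s "%TARGET_TZ%"

rem Re-read the ID instead of trusting the exit code: an invalid or
rem mistyped ID leaves the old value in place.
set "NEW_TZ="
for /f "delims=" %%T in ('tzutil /g') do set "NEW_TZ=%%T"

if /i not "%NEW_TZ%"=="%TARGET_TZ%" (
    >>"%LOGFILE%" echo %DATE% %TIME% FAILED to set "%TARGET_TZ%", still "%NEW_TZ%"
    exit /b 1
)

>>"%LOGFILE%" echo %DATE% %TIME% changed from "%CURRENT_TZ%" to "%NEW_TZ%"
exit /b 0
```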
These policies should automatically be applied when you join a server to the domain, but you can manually force them using the following command (from a Command Prompt):