Tweak Group Policy in a Windows Server 2008 Laboratory Environment

Written by Denis Stadler on . Posted in Windows Server 2008

In a previous post I have described how I have built an IT Laboratory. The challenge was to automate some settings on each server in order to be able to deploy faster the entire laboratory. So after I installed the Domain Controller I decided to modify some of the Default Domain Policy settings in order to make my life easier :). I am going to describe below what I changed and how I did it, in a walk-through style.

To get started with, just open the Group Policy Management Tool, expand your Forest, then Group Policy Objects and then right click on Default Domain Policy and click on Edit.

I will group the changes into the Default Group Policy as follows:

Password Policy

Please navigate to Windows Settings under Computer Configuration, and then to Policies. Here expand Security Settings and then Account Policies and just click on Password Policy. Here modify the following policies to Not Defined:

  • Enforce password history
  • Maximum password age
  • Minimum password age

Purpose: By default all the passwords in Windows 2008 Server are expiring in 42 days. This can be a little bit annoying in a laboratory environment.

Windows Firewall

Just navigate to Windows Settings under Computer Configuration, and then Policies. Here expand Security Settings and then click on Windows Firewall with Advanced Security. Right click the firewall entry, then click on Properties, and disable the Domain Profile Firewall state.

Purpose: To facilitate the use of other software/services like: SQL – port 1433, RDC – port 3389 etc. Please do not do this on a production environment!!!

The Shutdown Event Tracker

Navigate to Windows Settings under Computer Configuration, Policies. Here expand Administrative Templates: Policy Definitions… and then System. Here modify the following policy to Disabled:

  • The Shutdown Event Tracker

Purpose: The system won’t ask you for a reason/comment every time when you restart / shutdown the Windows 2008/2003 Server.

Enable Remote Desktop Services

Below the System folder within the Administrative Templates: Policy Definitions… section you will find a folder called Windows Components. Expand it and then navigate through: Remote Desktop ServicesRemote Desktop Session HostConnections. Here modify the following policy to Enabled:

  • Allow users to connect remotely using Remote Desktop Services

Purpose: Enable RDC.

Windows Update

In Windows Components below Remote Desktop Services navigate to Windows Update folder. Please expand it. Here configure the following policy:

  • Configure Automatic Updates

Here I’m always choosing option 2- Notify for download and notify for install. It is a laboratory and I don’t have infinite disk space. :)
Purpose: Configure Windows Updates.

Time Zone

Unfortunately there is no GP setting for this. But we have another option: tzutil.exe – a command line utility available in Windows Server 2008 and Windows 7. Use tzutil /l to see all the available time zones options within the system.

Then navigate to Windows Settings under Computer Configuration, Policies. Here expand Scripts (Startup / Shutdown) and then click on Startup. In the new opened window click Show files.

Here you have to create a new BAT file which has to contain the following command (please replace FLE Standard Time with your time zone):

tzutil /s “FLE Standard Time”

Then just use the Add button within the Startup properties window to add the newly created file as start-up script.
Purpose: Configure Time Zone.

These policies should automatically be applied when you join a server to the domain, but you can manually force them using the following command (from a Command Prompt):


Tags: , , , , , , ,

Trackback from your site.

Denis Stadler

I'm a technology enthusiast, with more than 10 years of experience in SharePoint and Dynamics CRM projects. To find more details about, please visit the about me page.

Comments (1)

  • Jellyfish


    didn’t work for timezone setting


Leave a comment