Homelab Group Policy Setup

Group policies can be a complex topic, requiring a lot of TLC in production.
My example is a bad one. But I want it quick for a homelab group policy setup, and if it’s dirty, I don’t mind.

Homelab Group Policy Setup

I’m working with the Default Domain policy, but you would create a new policy object for each setting in production.
Let’s start. Search for “group”:

Open the forest, the domain, and the folder for the object, and you’ll see two objects already inside.
Right-click the Default Domain Policy to edit it:

The first setting I’m changing is the password policy.
This is the original setting in Computer/Policies/Windows/Security/Account/Password:

I’m right-clicking the first value and unchecking it:

That’s what it looks like now:

Next is Computer/Policies/Windows/Security/Local/Security Options and enable User Account Control: Run all administrators in Admin Approval Mode

At Computer/Policies/Windows/Security/Windows Defender Firewall, disable to domain profile (again, we’re not in production)

At the same place, we could adjust the max file size and the retention period of the event log.
As I use professional IT management tools from my employer, I could reduce the retention to one day, but it’s too much work right now.

Let’s change to Computer/Policies/Administrative Templates/Windows Components/Microsoft Defender Antivirus/Real-time Protection and disable real-time:

WSUS Settings

Scroll all down to Windows Update to adjust a few settings.
Enable “Turn on recommended updates” and “Configure Automatic Updates,” and apply a few changes at “Specify Intranet Microsoft…”:

Use the address of your DC, but keep the port.

That’s it, quick enough, I think.

More homelab posts: