The next step to getting my lab ready is to make some updates to my servers and computers. The fastest way to update all of my machines is to update the group policy objects (GPOs). After I update the GPO policies I am going to check the DNS configuration an make sure my domain is ready for the remaining workstations.

Updating GPO policies

Prerequisite: Creating a File and Windows Server Update Services (WSUS) Server

I am going to use group policy management console (GPMC) to update GPO policies for my domain. The first policy change I need to make is to finish enabling WSUS on my domain by mapping all of the workstations and servers to WSUS for updates. To make this change I am going to make a new GPO for the domain called WSUS settings in GPMC.

Create a new GPO in this domain
Create a new GPO in this domain and link to domain
Editing the new GPO
Editing the new GPO

Now I go to Computer configuration > Policies > Administrative Templates > Windows components > Windows Update > Specify intranet Microsoft update service location.

Configure specify intranet Microsoft update service location
Selecting the policy to update

First, I map the domain servers and workstations to my WSUS server, I need to enter the address for my WSUS server. Then I enable the policy so it takes effect.

Add the web address for WSUS to the right locations in the policy
Adding the web address for my internal WSUS

Next, I need to configure the schedule for automatic updates. This sets all the machines to download updates from the internal WSUS and selects the desired behavior. I set the Configure Automatic Updates setting to make this change.

Configure automatic updates in GPO
Setting automatic updates in GPO

Update Policy for Add/Remove Features

I need to make one more change related to WSUS. Right now WSUS is only used for software updates, but I also need to map workstations and servers to WSUS for adding and removing features. That is in Computer configuration > Policies > Administrative Templates > System > Specify settings for optional component installation and component repair.

Mapping add/remove features to internal WSUS
Mapping add/remove features to internal WSUS

That’s it for the WSUS GPO. Now my workstations will map to the internal server for updates and features. Next I need to check DNS settings. I am going to use the DNS manager in RSAT for this.

Opening screen of DNS manager
DNS Manager for my domain

First, I am going to set the server to only listen on the IPv4 interface for DNS queries. Then I am going to check the DNS forwarders and make sure it is using the Pi-hole in the DMZ.

Selecting interfaces for DNS listeners
Selecting the IPv4 interface for DNS listeners
Checking DNS forwarders
Checking DNS Forwarders

My DNS is configured and working as expected. Now that my domain is ready for workstations. Before I add workstations though, I am going to add one more service: Email.

Next: Setting up an Email Server
Previous: Creating a File and Windows Server Update Services (WSUS) Server