My Default Domain Policy (GPOs)

Modify Group Policy’s refresh interval to 15mins

Edit Group Policy at your desired OU

Computer Configuration > Policies > Administrative Templates > System > Group Policy > Set Group Policy refresh interval for computers > Enable

This setting allows you to customize how often Group Policy is applied.

Minutes: 10 

This is a random time added to the refresh interval to prevent all clients from requesting Group Policy at the same time.

Minutes: 5

Do the same for User Configuration

User Configuration > Policies > Administrative Templates > System > Group Policy > Set Group Policy refresh interval for users > Enable

Note default Group Policy refreshes every 90 minutes and 5 minutes for domain controllers (DCs).

Set Time Zone via Group Policy

Computer Configuration > Preferences > Windows Settings > Registry > Right-click New > Registry Wizard > Local Computer (with time zone already set) > Local Computer > Next

 

Navigate to below location and select all under TimeZoneInformation

\HKLM\System\CurrentControlSet\Control\TimeZoneInformation\

 

Run startup scripts asynchronously

Computer Configuration > Policies > Administrative Templates > System > Scripts> Run startup scripts asynchronously

 

Desktop Wallpaper Using Group Policy (GPO)

User Configuration > Policies > Administrative Templates > Desktop > Desktop Wallpaper > ‪\\ad\SYSVOL\xxx.domain.com.sg\DesktopPictures\BeautifulDesktop.jpg

Enable Firewall for RDP (3389)

Computer Configuration > Policies > Administrative Templates > Network > Network Connections > Windows Firewall > Domain Profile > Double-click Windows Firewall: Allow inbound Remote Desktop exceptions > * for all IP

Enable Firewall for ICMP

Computer Configuration > Policies > Administrative Templates > Network > Network Connections > Windows Firewall > Domain Profile > Double-click Windows Firewall: Allow ICMP exceptions > Allow inbound echo request

Enable RDP via GPO

Computer Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections. Allow users to connect remotely using Remote Desktop Services > Enabled

Install security certificate with GPO

Computer Configuration\Policies\Windows Settings\Security Settings\Public Key Policies > Trusted Root Certification Authorities > and then click Import.