Customise group policies according to best practices

Customise the group policy

To change this configuration and follow the best practices, proceed as follows. The setting itself is stored in the group policy objects with names such as :
"MSFT Windows 11 22H2 - Computer". However, you should not change the object itself in order to avoid having to compare all objects individually when Microsoft updates the basic security guidelines. Leave the objects themselves unchanged and create your own instead.

  1. Create a new organisational unit in "Active Directory Users and Computers" and move the computers that are to connect to the MODA WiFi routers to this unit.
  2. Create a new group policy object in Group Policy Management and give it a name. For example "MSFT Windows 11 22H2 - Computer - Allow non Domain Network".
  3. Select a WMI filter or create a WMI filter. For example
    • Name: Windows 10 22H2 (19045)
    • Description: Limiting the scope to Windows 10 22H2
    • Name range: root\CIMv2
    • Query: SELECT * FROM Win32_OperatingSystem WHERE BuildNumber = "19045" AND ProductType = "1"
  4. Right-click on the newly created object and select: Object status -> User configuration settings deactivated
  5. Edit the settings and select :
    • Computer configuration
    • Guidelines
    • Administrative templates
    • Network
    • Windows Connection Manager
    • Do not allow connection to non-domain networks with existing connection to domain-authenticated network -> Deactivated
  6. Link the group policy object to the organisational unit and select the link by right-clicking -> Force so that this overwrites the inherited settings.
  7. Execute the gpupdate command on the computer to update the group policies.
  8. Restart the computer.
  9. It should be possible to connect the PC to the MODA WiFi router network.