
How To Increase Internet Speed on All Domain Computers Using Group Policy on Windows Server 2025


Introduction

Slow internet performance across domain-joined workstations is one of the most persistent complaints IT administrators face. Users experience sluggish web browsing, slow file downloads, delayed cloud application response times, and laggy video conferencing — yet the underlying network hardware is often more than capable.

The root cause is frequently not the internet connection itself, but a collection of Windows configuration defaults that actively throttle, fragment, or deprioritize network traffic. These include a reserved QoS bandwidth allocation that Windows holds back by default, suboptimal DNS resolution settings, Windows Update peer-to-peer traffic consuming bandwidth, and inefficient TCP/IP stack parameters.

The solution: Windows Server 2025 Group Policy Objects (GPOs) allow administrators to centrally enforce network performance optimizations across every domain-joined computer — without touching each machine individually. This guide covers every GPO-based technique available to maximize internet throughput, reduce latency, and prioritize user traffic on all domain computers.

Why Internet Speed Feels Slow on Domain Computers

Before jumping into GPO settings, it helps to understand exactly what slows down domain-joined machines. These are the most common culprits:

Root Cause | Impact | GPO Fix Available
Windows QoS Reserved Bandwidth (20%) | Windows reserves up to 20% of bandwidth for system processes by default | Yes — Limit Reservable Bandwidth GPO
Slow or Wrong DNS Server | DNS lookups add latency to every web request; wrong DNS = unnecessary round-trips | Yes — DNS Client GPO settings
Windows Update P2P (BITS/DO) | Background Update downloads consume upload and download bandwidth | Yes — BITS and Delivery Optimization GPO
Background Services (WSUS, telemetry) | Telemetry, CEIP, and update checks steal bandwidth silently | Yes — Disable via GPO
TCP Auto-Tuning disabled or wrong | TCP receive window not scaling correctly causes throughput drops | Yes — Netsh/PowerShell + GPO startup script
IPv6 preference over IPv4 | When IPv6 is unused, DNS lookups attempt IPv6 first causing delay | Yes — Prefer IPv4 over IPv6 GPO

1. Remove the 20% Reserved Bandwidth Limit (QoS Packet Scheduler)

This is the single most impactful GPO setting for internet speed. By default, Windows reserves up to 20% of the total network bandwidth for the QoS Packet Scheduler, regardless of whether any QoS policies are in use. On a 100 Mbps connection, this silently limits usable bandwidth to 80 Mbps.

GPO Path

Computer Configuration > Policies > Administrative Templates > Network > QoS Packet Scheduler > Limit reservable bandwidth

Configuration

  1. Open Group Policy Management Editor on WS2025-DC01.
  2. Navigate to the path above and double-click Limit reservable bandwidth.
  3. Set the policy to Enabled.
  4. In the Bandwidth limit (%) field, change the value to 0.
  5. Click Apply then OK.
💡 IMPACT: Setting bandwidth limit to 0% releases the full 100% of available bandwidth for user and application traffic. This is safe to apply domain-wide — QoS policies still function normally. This is a non-destructive change with no reboot required.

2. Configure Optimal DNS Settings via Group Policy

DNS resolution speed directly affects how quickly every website loads. Each browser request starts with a DNS lookup — if that lookup takes 200ms instead of 10ms, every page load is slower. GPO allows you to enforce fast, reliable DNS servers across all domain computers.

Option A: Set DNS Servers via DHCP Scope (Recommended)

The cleanest approach is to configure fast DNS servers in your DHCP scope options on the Domain Controller. This applies to all clients automatically without a GPO needed for DNS server IP assignment.

Recommended DNS servers to configure in DHCP:

DNS Provider | Primary DNS | Secondary DNS | Strength
Cloudflare | 1.1.1.1 | 1.0.0.1 | Fastest global average response time
Google Public DNS | 8.8.8.8 | 8.8.4.4 | High availability, good global coverage
Quad9 | 9.9.9.9 | 149.112.112.112 | Security-focused, blocks malicious domains
OpenDNS | 208.67.222.222 | 208.67.220.220 | Content filtering available
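
Whichever resolvers the DHCP scope hands out, domain-joined clients still locate domain controllers through the SRV records in the Active Directory DNS zone. The check below is an added example, not part of the original article: it asks each DNS server configured on the client for the domain controller locator record and times the lookup. The function name Test-DcLocatorDns is hypothetical, and the domain name is taken from the computer's own domain membership.

```powershell
# Added example: check that each DNS server this client uses can resolve the
# domain controller locator record and report how long the lookup takes.
function Test-DcLocatorDns {
    param(
        # Defaults to the AD domain this computer is joined to
        [string]$DomainName = (Get-CimInstance Win32_ComputerSystem).Domain
    )
    $record  = "_ldap._tcp.dc._msdcs.$DomainName"
    $servers = Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.InterfaceAlias -notlike '*Loopback*' } |
        ForEach-Object { $_.ServerAddresses } | Sort-Object -Unique

    foreach ($server in $servers) {
        $timer  = [System.Diagnostics.Stopwatch]::StartNew()
        $answer = Resolve-DnsName -Name $record -Type SRV -Server $server `
                      -DnsOnly -ErrorAction SilentlyContinue
        $timer.Stop()
        # Keep only SRV answers; a failed or empty lookup leaves this array empty
        $srv = @($answer | Where-Object { $_.Type -eq 'SRV' })
        [pscustomobject]@{
            DnsServer         = $server
            ResolvesAdDomain  = $srv.Count -gt 0
            DomainControllers = ($srv.NameTarget | Sort-Object -Unique) -join ', '
            ElapsedMs         = $timer.ElapsedMilliseconds
        }
    }
}

$results = @(Test-DcLocatorDns)
$results | Format-Table -AutoSize

# A resolver that cannot answer this query gives the client no way to locate
# a domain controller through it, whatever its raw response time.
$results | Where-Object { -not $_.ResolvesAdDomain } | ForEach-Object {
    Write-Warning "$($_.DnsServer) does not resolve the domain's SRV records"
}
```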

Option B: Disable DNS Devolution (Reduces Unnecessary DNS Lookups)

DNS devolution causes Windows to attempt multiple parent-domain DNS queries for short hostnames. In enterprise environments this creates unnecessary DNS traffic and latency. Disable it via GPO:

Computer Configuration > Policies > Administrative Templates > Network > DNS Client > Turn off smart multi-homed name resolution

Set to: Enabled

Option C: Enable DNS over HTTPS (DoH) for Faster Encrypted DNS

Windows 11 supports DNS over HTTPS natively. You can enforce it via GPO to improve both speed and privacy:

Computer Configuration > Policies > Administrative Templates > Network > DNS Client > Configure DNS over HTTPS (DoH) name resolution

Set to: Enabled — then set the DoH template to your preferred provider (e.g., Cloudflare: https://cloudflare-dns.com/dns-query)

3. Throttle BITS and Windows Update Background Downloads

Background Intelligent Transfer Service (BITS) is used by Windows Update and other Microsoft services to download updates in the background. Without throttling, BITS can saturate your upload and download bandwidth, causing noticeable slowdowns during business hours.

GPO Path — BITS Throttling

Computer Configuration > Policies > Administrative Templates > Network > Background Intelligent Transfer Service (BITS)

Key Settings to Configure

Setting | Recommended Value | Purpose
Limit the maximum network bandwidth for BITS background transfers | Enabled — set to 512 Kbps during business hours (08:00-18:00) | Prevents updates from saturating bandwidth during work hours
Allow BITS peercaching | Disabled | Prevents peer-to-peer update sharing across the network
Do not allow the BITS client to use Windows Branch Cache | Enabled | Disables BranchCache bandwidth sharing for BITS jobs
Limit the maximum network bandwidth used for Peercaching | Enabled — 0 Mbps (disable) | Stops BITS from consuming upload bandwidth for caching

4. Control Windows Update Delivery Optimization (P2P Traffic)

Delivery Optimization (DO) is a Windows Update feature that uses peer-to-peer technology to distribute updates. When enabled without bandwidth limits, Windows 11 computers upload update data to other PCs on the internet and your local network, consuming significant upload bandwidth.

GPO Path

Computer Configuration > Policies > Administrative Templates > Windows Components > Delivery Optimization

Recommended Settings

Setting | Recommended Value
Download Mode | Enabled — Set to: LAN Only (1) or Bypass (100) to disable P2P entirely
Maximum Download Bandwidth (percentage) | Enabled — 30% to cap DO background downloads
Maximum Upload Bandwidth (absolute) | Enabled — 512 Kbps to prevent upload saturation
Maximum Background Download Bandwidth (percentage) | Enabled — 20% outside business hours
Set Business Hours to Limit Background Upload Bandwidth | Enabled — 8:00 AM to 6:00 PM, 0% during hours
⚠️ IMPORTANT: Setting Download Mode to Bypass (100) completely disables Delivery Optimization and forces all updates to come directly from Microsoft servers. Use LAN Only (1) if you want local peer caching while blocking internet P2P. In small offices with limited bandwidth, Bypass is recommended.

5. Optimize TCP/IP Stack Settings via GPO Startup Script

Windows TCP Auto-Tuning and Receive Window Auto-Tuning are enabled by default in modern Windows, but enterprise environments often have legacy configurations or VPN settings that disable them. A GPO startup script ensures optimal TCP settings are enforced at every boot.

Create the Optimization Script

Create the following PowerShell script and save it in your NETLOGON share or a GPO-accessible location:

    # TCP-Optimize.ps1 — Run via GPO Computer Startup Script

    # Enable TCP Auto-Tuning (Normal mode for LAN/WAN)
    netsh int tcp set global autotuninglevel=normal

    # Enable Receive-Side Scaling for multi-core throughput
    netsh int tcp set global rss=enabled

    # Enable Chimney Offload (offload TCP to NIC)
    # TCP Chimney Offload is deprecated by Microsoft; current Windows builds may
    # reject this parameter, in which case netsh prints an error and the script continues.
    netsh int tcp set global chimney=enabled

    # Disable TCP timestamps (reduces overhead)
    netsh int tcp set global timestamps=disabled

    # Enable Direct Cache Access for improved throughput
    netsh int tcp set global dca=enabled

    # Set ECN Capability (Explicit Congestion Notification)
    netsh int tcp set global ecncapability=enabled

    # Disable NetBIOS over TCP/IP (reduces broadcast noise); 2 = disable
    $adapters = Get-WmiObject Win32_NetworkAdapterConfiguration
    foreach ($a in $adapters) { if ($a.IPEnabled) { $a.SetTcpipNetbios(2) | Out-Null } }

    # Register the event source on first run; Write-EventLog fails if it does not exist
    if (-not [System.Diagnostics.EventLog]::SourceExists('GPO-TCP-Optimize')) {
        New-EventLog -LogName Application -Source 'GPO-TCP-Optimize'
    }

    # PowerShell continues a line with a backtick, not a backslash
    Write-EventLog -LogName Application -Source 'GPO-TCP-Optimize' -EventId 1001 `
      -Message 'TCP optimization settings applied via GPO startup script.' -EntryType Information

Deploy via GPO Computer Startup Script

  • In GPMC, edit your network optimization GPO.
  • Navigate to: Computer Configuration > Policies > Windows Settings > Scripts (Startup/Shutdown).
  • Double-click Startup and click Add.
  • Under Script Name, enter the UNC path to TCP-Optimize.ps1 (e.g., \\vmorecloud.com\NETLOGON\TCP-Optimize.ps1).
  • Click OK to save.
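
A computer startup script runs as the local SYSTEM account on every machine the GPO reaches, so write access to the script file amounts to administrative access to those machines. The review below is an added example, not part of the original article: it reports who can modify the script, its SHA-256 hash and its Authenticode signature status. The UNC path is the one from the step above; the list of expected writers and the helper name Test-ExpectedWriter are assumptions to adjust for your domain.

```powershell
# Added example: review a GPO startup script's signature, hash and write access.
$ScriptPath = '\\vmorecloud.com\NETLOGON\TCP-Optimize.ps1'   # UNC path from the step above

# Assumption: only these principals are expected to be able to change the file.
$ExpectedWriters = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators',
                   '*\Domain Admins', '*\Enterprise Admins'

function Test-ExpectedWriter {
    param([string]$Identity)
    foreach ($pattern in $ExpectedWriters) {
        if ($Identity -like $pattern) { return $true }
    }
    return $false
}

# Any of these rights lets the holder replace or re-permission the script.
$writeMask = [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'

$acl = Get-Acl -LiteralPath $ScriptPath
$unexpected = @($acl.Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    (([int]$_.FileSystemRights -band [int]$writeMask) -ne 0) -and
    -not (Test-ExpectedWriter $_.IdentityReference.Value)
})

$sig  = Get-AuthenticodeSignature -FilePath $ScriptPath
$hash = Get-FileHash -LiteralPath $ScriptPath -Algorithm SHA256

[pscustomobject]@{
    Script            = $ScriptPath
    Owner             = $acl.Owner
    SignatureStatus   = $sig.Status            # Valid, NotSigned, HashMismatch, ...
    Signer            = $sig.SignerCertificate.Subject
    SHA256            = $hash.Hash             # record this and compare on later reviews
    UnexpectedWriters = ($unexpected.IdentityReference.Value | Sort-Object -Unique) -join '; '
} | Format-List

if ($unexpected.Count -gt 0) {
    Write-Warning 'Principals outside the expected list can modify the startup script.'
}
if ($sig.Status -ne 'Valid') {
    Write-Warning "Signature status is $($sig.Status); a change to the file would not be caught by signature validation."
}
```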

6. Prefer IPv4 over IPv6 to Reduce DNS Lookup Latency

When IPv6 is not in use on your network (which is the case in most home lab and small business environments), Windows still attempts IPv6 DNS lookups first by default. Each failed IPv6 attempt adds delay before the IPv4 lookup succeeds. Forcing IPv4 preference eliminates this wasted time.

Method: GPO Registry Preference

Create a Registry preference item in your GPO to set the DisabledComponents value:

Computer Configuration > Preferences > Windows Settings > Registry

Create a new Registry item with these values:

Field | Value
Action | Update
Hive | HKEY_LOCAL_MACHINE
Key Path | SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters
Value Name | DisabledComponents
Value Type | REG_DWORD
Value Data | 0x20 (32 decimal) — Prefer IPv4 over IPv6
💡 NOTE: A value of 0x20 (32) prefers IPv4 over IPv6 without disabling IPv6 entirely. A value of 0xFF (255) fully disables IPv6. For home lab environments without IPv6 routing, 0x20 is the safer choice — it speeds up DNS without breaking IPv6-dependent features.

7. Disable Bandwidth-Consuming Background Services via GPO

Several Windows background services silently consume bandwidth for telemetry, error reporting, and diagnostic data uploads. Disabling these through Group Policy reclaims bandwidth for productive use.

GPO Setting | Path | Recommended Value
Allow Telemetry | Computer Config > Admin Templates > Windows Components > Data Collection and Preview Builds | Enabled — Set to: 0 (Security) or 1 (Basic)
Disable Windows Error Reporting | Computer Config > Admin Templates > Windows Components > Windows Error Reporting | Enabled — Turn off Windows Error Reporting
Turn off Windows Customer Experience Improvement Program | Computer Config > Admin Templates > System > Internet Communication Management | Enabled
Turn off Windows Update device driver search | Computer Config > Admin Templates > System > Internet Communication Management | Enabled
Turn off Automatic Root Certificates Update | Computer Config > Admin Templates > System > Internet Communication Management | Enabled (only if PKI is managed internally)

8. Disable Network Adapter Power Management via GPO

Windows may throttle network adapter speed to save power, especially on laptops. GPO can enforce maximum adapter performance by disabling power management features on NICs.

GPO Registry Preference — Disable NIC Power Save

Computer Configuration > Preferences > Windows Settings > Registry

Add the following registry entries to disable adapter power-saving:

Registry Key | Value Name | Type | Data
SYSTEM\CurrentControlSet\Services\NdisImPlatform | EnableWakeOnLan | REG_DWORD | 0
SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0000 | PnPCapabilities | REG_DWORD | 24 (disables power management on NIC 0)
SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0001 | PnPCapabilities | REG_DWORD | 24 (disables power management on NIC 1)
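
The 0000 and 0001 subkeys are device-instance indexes under the network adapter class, and on a given machine they can belong to virtual or miniport devices rather than a physical NIC. The listing below is an added example, not part of the original article: it shows which instance subkeys map to physical adapters and what PnPCapabilities value each currently holds, so the registry preference items can be pointed at the right keys.

```powershell
# Added example: list network-class instance subkeys and mark the physical NICs.
$classKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}'

# Map each physical adapter's interface GUID to its name
$physical = @{}
Get-NetAdapter -Physical | ForEach-Object {
    $physical[$_.InterfaceGuid.ToUpper()] = $_.Name
}

# Only the four-digit subkeys are device instances; other subkeys are skipped
$report = Get-ChildItem -LiteralPath $classKey -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^\d{4}$' } |
    ForEach-Object {
        $props = Get-ItemProperty -LiteralPath $_.PSPath
        $guid  = "$($props.NetCfgInstanceId)".ToUpper()
        [pscustomobject]@{
            Instance        = $_.PSChildName
            DriverDesc      = $props.DriverDesc
            PhysicalAdapter = $physical[$guid]      # empty for virtual/miniport devices
            PnPCapabilities = $props.PnPCapabilities
        }
    }

$report | Sort-Object Instance | Format-Table -AutoSize

# Physical adapters whose instance key does not yet carry the value from the table above
$report | Where-Object { $_.PhysicalAdapter -and $_.PnPCapabilities -ne 24 } |
    ForEach-Object {
        Write-Warning "Instance $($_.Instance) ($($_.PhysicalAdapter)) does not have PnPCapabilities = 24"
    }
```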

Complete GPO Settings Reference Summary

Optimization Category | GPO Setting / Action | Expected Impact
QoS Reserved Bandwidth | Limit reservable bandwidth = 0% | Releases up to 20% of total bandwidth
DNS Speed | Set fast DNS servers (1.1.1.1 / 8.8.8.8); disable DNS devolution | Reduces DNS lookup time by 50-200ms per request
BITS Throttling | Limit BITS to 512 Kbps during business hours | Prevents Windows Update from saturating connection
Delivery Optimization | Download Mode = LAN Only; upload cap = 512 Kbps | Eliminates internet P2P upload consumption
TCP/IP Stack | Auto-Tuning=Normal, RSS=On, ECN=On via startup script | Improves throughput on high-latency connections
IPv6 Preference | DisabledComponents = 0x20 (Prefer IPv4) | Removes 100-300ms DNS delay on IPv6-less networks
Background Services | Disable telemetry, WER, CEIP, driver search | Reduces idle bandwidth consumption by 1-5 Mbps
NIC Power Management | PnPCapabilities = 24 on all adapters | Prevents NIC throttling on power-saving profiles

Bonus: PowerShell Script — Verify All Optimizations Are Applied

Run this script on any domain computer to verify that all network optimizations are active:

    # Network-Optimization-Audit.ps1
    Write-Host '=== Network Optimization Audit ===' -ForegroundColor Cyan

    # 1. Check QoS Bandwidth Reservation
    $qos = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Psched' -ErrorAction SilentlyContinue
    Write-Host "QoS NonBestEffortLimit: $($qos.NonBestEffortLimit) (should be 0)"

    # 2. Check TCP Auto-Tuning
    $tcp = netsh int tcp show global | Select-String 'Receive Window Auto-Tuning'
    Write-Host "TCP Auto-Tuning: $tcp"

    # 3. Check IPv6 DisabledComponents
    $ipv6 = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters' -ErrorAction SilentlyContinue
    Write-Host "IPv6 DisabledComponents: $($ipv6.DisabledComponents) (should be 32 for IPv4 prefer)"

    # 4. Check DNS Servers
    $dns = Get-DnsClientServerAddress -AddressFamily IPv4 | Where-Object {$_.InterfaceAlias -notlike '*Loopback*'}
    $dns | ForEach-Object { Write-Host "DNS on $($_.InterfaceAlias): $($_.ServerAddresses)" }

    # 5. Check BITS job throttling policy
    $bits = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\BITS' -ErrorAction SilentlyContinue
    Write-Host "BITS MaxBandwidth: $($bits.MaxTransferRateOnSchedule) Kbps"

    Write-Host '=== Audit Complete ===' -ForegroundColor Green

Frequently Asked Questions (FAQ)

Does setting QoS bandwidth limit to 0% affect Quality of Service policies?

No. Setting the Limit reservable bandwidth policy to 0% does not disable QoS policies — it simply releases the reserved bandwidth pool back to general use. Active QoS policies (like those prioritizing VoIP traffic) continue to function correctly. The 0% setting means no bandwidth is permanently held in reserve by the system.

Will these GPO settings affect servers or only workstations?

These GPO settings can be scoped to workstations only by linking the GPO to an OU that contains only computer accounts for Windows 10/11 machines. If you link the GPO to a domain or OU that contains servers, the settings will apply to servers too. Use WMI filters or separate OUs to target only workstations.

Can I apply all these settings in a single GPO?

Yes. It is perfectly valid to combine all network optimization settings into a single GPO named something like CORP-Network-Optimization. This simplifies management, makes it easy to enable/disable all settings at once, and keeps your GPO list clean. Alternatively, you may prefer separate GPOs per category for granular control and easier rollback.

How much faster will the internet be after applying these GPOs?

The improvement depends heavily on your environment. The most impactful single change — releasing the QoS reserved bandwidth — immediately makes 20% more bandwidth available. In real-world tests, users often report noticeably faster browsing, downloads, and cloud app response times. Environments with heavy Windows Update P2P traffic see the most dramatic improvements after disabling Delivery Optimization internet uploads.

Are these changes reversible?

Yes, all GPO-based changes are fully reversible. To roll back, either unlink the GPO, set specific policy settings back to Not Configured, or delete the GPO entirely. Group Policy will then remove enforced registry values on the next refresh cycle. The TCP startup script effects persist until manually reversed or the script is removed from startup.

Conclusion

Maximizing internet performance across domain computers does not require new hardware or ISP upgrades — it requires correctly configuring the Windows networking stack that you already have. By deploying these eight GPO optimizations from your Windows Server 2025 Domain Controller, you gain:

  • Full use of your available bandwidth (removing the QoS 20% reservation)
  • Faster DNS resolution through optimized DNS server assignment and IPv4 preference
  • Protected bandwidth during business hours through BITS and Delivery Optimization throttling
  • Improved TCP throughput via Auto-Tuning and stack optimization
  • Reduced background noise from telemetry, error reporting, and CEIP services
  • Consistent NIC performance by disabling power management throttling

All settings are centrally managed from your Domain Controller, apply silently to every domain-joined computer, and can be reversed at any time — making this one of the highest-ROI configuration projects an IT administrator can undertake.
