A: Yes. You should use Group Policy to fully configure the WiFi settings for all domain-joined company systems. Doing so gives your clients predictable network access, simplifies complex WiFi configurations, and helps to prevent users from unwittingly connecting to unsecure or malicious networks. You can also use Local Security Policy for non-domain environments and to configure initial Windows images before they receive Group Policy.

At a minimum, consider using Group Policy for these tasks:

  • Restricting all new networks to the Public network profile, to ensure that Windows Firewall is enabled and file sharing is disabled
  • Specifying authorized corporate wireless networks and assigning them to the Domain network profile
  • Disabling Internet Connection Sharing to prevent unauthorized clients from using corporate resources as a network bridge

There are too many settings to list in this brief FAQ, but these are a good starting point. You should examine all policy options to determine the best configuration for your WiFi users.