I've included the firewall file and the security file in the Group Policy, and it loads on startup and shutdown. I have already converted them to PowerShell, so if you want to use them, feel free to do so.
PLEASE NOTE that they run automatically on startup and shutdown, so any changes you want to make need to be done and saved in PowerShell. They are located at c:\windows\system32\GroupPolicy. Look in User and Machine; in each is a script folder with startup, logon, logoff, etc.
Now you don't have to set up the scheduler for them. The NIC or network takes a little bit longer, maybe 5 seconds, to validate, but it works really well.
IF YOU DO NOT GET NET AND THERE IS A YELLOW FLAG OVER THE NETWORK AT THE BOTTOM, GO TO WINDOWS FIREWALL IN THE CONTROL PANEL AND LOAD DEFAULT FIREWALL SETTINGS, THEN RESTART. IT WILL LOAD IT AGAIN ON SHUTDOWN. I have found it locks up on first use. After restart you should be OK.
This supersedes all other files I have already posted. I have removed the other ones.
The following rules are active; you can block ALL inbound. You can remove the Homegroups as well. If you remove more in outbound, it gives a TCP/IP timeout and disconnects the NIC. If you continuously ping a site, then it stays enabled.
Outbound Allow
Core Networking - DNS (UDP-Out) - NOT needed for IPv6, but needed for IPv4 if you do not put an IP in the NIC
Core Networking - IPHTTPS (TCP-Out) - Needed for browsing
Core Networking - IPv6 (IPv6-Out) - Needed if you use IPv6
Homegroup Out - Not needed
Homegroup Out (PNRP) - Not needed
mDNS (UDP-Out) - Needed for IPv4 and Browsing, if using IPv6 then it is not needed
Inbound Allow
Homegroup Out - Needed for sharing
Homegroup Out (PNRP) - Needed for sharing
Everything not listed above gets blocked.
THIS IS INTENDED FOR A FRESH INSTALL, but can be used on others as well. Everything installed after this will automatically create a rule in the Firewall. On used systems you have to manually add what you use in the Firewall.
This Group Policy has been tested with:
Windows 10 Home x64 (Yes you can enable GPE in Home) - (Windows update CANNOT be forced to stop)
Windows 10 Pro x64 - (Windows update CANNOT be forced to stop)
Windows 10 EDU x64 - (Windows update CANNOT be forced to stop)
Windows Enterprise x64 - (Windows update CANNOT be forced to stop)
Windows Enterprise LTSB x64 2016 (1607) - (Windows update can be forced to stop)
Windows Enterprise LTSC x64 2019 (1809) - (Windows update can be forced to stop)
NOTE: It is NOT necessary to enable file and print sharing. Set your network to private and ONLY ALLOW private options; don't do Domain and Public.
One snag I picked up so far is that you have to use a predefined IP to connect to your router, i.e., 192.168.1.20, etc. If not, some internet functions are not going to work. It will use the DNS of the router to connect to the net. DNS is still needed to pass through the Firewall.
I didn't say it is perfect. Will change stuff as I go along.
UPDATE AREA: 07-03-2019
Updated the Group Policy file with new firewall reg file.
DNS is NOT needed if you use IPv4 and add an IP address predefined for the router into your NIC; the router will do the DNS requests and your firewall blocks it.
Fixed the linked shared issue.
The added pic shows the only Firewall rules needed.
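
An added example (not part of the original post or its Group Policy files): a read-only PowerShell check that compares the active firewall policy with the rule list above. The rule display names are copied from the post and may differ by Windows build or language; the helper name `Get-UnexpectedAllowRule` is hypothetical.

```powershell
# Added example: read-only audit of the active Windows Firewall policy against
# the rule list in this post. Run from an elevated PowerShell prompt.

# Outbound allow rules named in the post (display names can vary by build/language).
$expectedOutbound = @(
    'Core Networking - DNS (UDP-Out)',
    'Core Networking - IPHTTPS (TCP-Out)',
    'Core Networking - IPv6 (IPv6-Out)',
    'Homegroup Out',
    'Homegroup Out (PNRP)',
    'mDNS (UDP-Out)'
)

# Hypothetical helper: enabled Allow rules in one direction that are not expected.
function Get-UnexpectedAllowRule {
    param(
        [Parameter(Mandatory)]
        [ValidateSet('Inbound', 'Outbound')]
        [string]$Direction,
        [string[]]$Expected = @()
    )
    Get-NetFirewallRule -PolicyStore ActiveStore -Enabled True -Action Allow -Direction $Direction |
        Where-Object { $Expected -notcontains $_.DisplayName } |
        Sort-Object DisplayName |
        Select-Object DisplayName, Profile, PolicyStoreSourceType
}

# 1. "Everything not listed above gets blocked" only holds if the profile defaults are Block.
Get-NetFirewallProfile -PolicyStore ActiveStore |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction |
    Format-Table -AutoSize

# 2. Outbound allow rules beyond the post's list (e.g. created by software installed later).
Get-UnexpectedAllowRule -Direction Outbound -Expected $expectedOutbound | Format-Table -AutoSize

# 3. The post says all inbound can be blocked, so every enabled inbound allow rule is listed.
Get-UnexpectedAllowRule -Direction Inbound | Format-Table -AutoSize

# 4. Listed outbound rules that are missing or disabled (a likely cause of lost connectivity;
#    the Homegroup entries will appear here if you removed them on purpose).
$active = (Get-NetFirewallRule -PolicyStore ActiveStore -Enabled True -Direction Outbound).DisplayName
$expectedOutbound | Where-Object { $active -notcontains $_ }
```

The `PolicyStoreSourceType` column shows whether a rule comes from Group Policy or the local store, which helps when the startup script and a manual change disagree.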