How to Set Up Windows Server 2019 QoS Policies

How to Set Up Windows Server 2019 QoS Policies

Quality of Service (QoS) policies on Windows Server 2019 allow administrators to prioritize, throttle, and classify network traffic based on application, port, protocol, or IP address. Policy-based QoS uses Group Policy or local policies to apply DSCP (Differentiated Services Code Point) markings and traffic throttling without requiring changes to applications. This guide covers creating, applying, and managing QoS policies using Group Policy and PowerShell on Windows Server 2019.

Understanding QoS Policy Components

QoS policies in Windows consist of several components. DSCP marking (values 0–63) tags outbound packets with priority information that routers and switches can use for traffic prioritization. Throttle rate sets a maximum bandwidth limit for traffic matching the policy criteria. Policy conditions identify which traffic to match using application name, IP protocol, source/destination ports, and IP addresses. Policies are applied via Group Policy Objects and processed by the Windows QoS Packet Scheduler.

Enabling the QoS Packet Scheduler

# Verify the QoS Packet Scheduler is enabled on network adapters
Get-NetAdapter | Where-Object { $_.Status -eq "Up" } | ForEach-Object {
    $binding = Get-NetAdapterBinding -Name $_.Name -ComponentID "ms_pacer"
    [PSCustomObject]@{
        Adapter = $_.Name
        QoSSchedulerEnabled = $binding.Enabled
    }
}

# Enable the QoS Packet Scheduler on a specific adapter
Enable-NetAdapterBinding -Name "Ethernet0" -ComponentID "ms_pacer"

# Verify via registry
Get-ItemProperty -Path "HKLM:SYSTEMCurrentControlSetServicesPsched" -Name "Start"

Creating QoS Policies with PowerShell

# Create a DSCP marking policy for backup traffic (limit bandwidth)
New-NetQosPolicy -Name "Backup-Throttle" `
  -AppPathNameMatchCondition "robocopy.exe" `
  -ThrottleRateActionBitsPerSecond 500MB `
  -DSCPAction 0 `
  -NetworkProfile All

# Create a policy for SQL Server traffic with high DSCP value (46 = Expedited Forwarding)
New-NetQosPolicy -Name "SQL-Server-Priority" `
  -AppPathNameMatchCondition "sqlservr.exe" `
  -DSCPAction 46 `
  -NetworkProfile All

# Create a policy for RDP traffic with assured forwarding
New-NetQosPolicy -Name "RDP-Priority" `
  -IPProtocolMatchCondition TCP `
  -IPDstPortStart 3389 `
  -IPDstPortEnd 3389 `
  -DSCPAction 34 `
  -NetworkProfile All

# Create a policy for DNS traffic  
New-NetQosPolicy -Name "DNS-Priority" `
  -IPProtocolMatchCondition UDP `
  -IPDstPortStart 53 `
  -IPDstPortEnd 53 `
  -DSCPAction 40 `
  -NetworkProfile All

# List all QoS policies
Get-NetQosPolicy | Select-Object Name, AppPathNameMatchCondition, DSCPAction, 
  ThrottleRateActionBitsPerSecond, IPProtocolMatchCondition, IPDstPortStart | Format-Table -AutoSize

Configuring QoS via Group Policy

Group Policy provides centralized QoS policy management for domain-joined servers. Create a QoS policy GPO:

# QoS Policy path in Group Policy:
# Computer Configuration > Windows Settings > Policy-based QoS

# Settings for a new QoS policy in GPO:
Policy Name: Backup-Throttle-Policy
Specify DSCP Value: 0 (Best Effort)
Specify Outbound Throttle Rate: 50 Mbps

# Application: This QoS policy applies to: Only applications with this executable name
# Executable name: robocopy.exe

# Network conditions:
# Apply this policy to: Any source address to Any destination address
# Protocol: TCP and UDP
# Port: Any source port to Any destination port

# For SMB traffic prioritization via GPO:
Policy Name: SMB-Priority
Specify DSCP Value: 26 (AF31)
Application: System (or svchost.exe)
TCP Destination Port: 445

Creating Port-Based QoS Policies

# Prioritize VoIP traffic (UDP 5060-5090 = SIP, UDP 16384-32767 = RTP)
New-NetQosPolicy -Name "VoIP-SIP" `
  -IPProtocolMatchCondition UDP `
  -IPDstPortStart 5060 `
  -IPDstPortEnd 5090 `
  -DSCPAction 46 `
  -NetworkProfile All

New-NetQosPolicy -Name "VoIP-RTP" `
  -IPProtocolMatchCondition UDP `
  -IPDstPortStart 16384 `
  -IPDstPortEnd 32767 `
  -DSCPAction 46 `
  -NetworkProfile All

# Throttle Windows Update traffic to 10 Mbps during business hours
New-NetQosPolicy -Name "WindowsUpdate-Throttle" `
  -AppPathNameMatchCondition "svchost.exe" `
  -IPDstPortStart 80 `
  -IPDstPortEnd 80 `
  -ThrottleRateActionBitsPerSecond 10MB `
  -NetworkProfile All

Validating DSCP Markings

# Capture packets to verify DSCP markings are applied
# Use netsh to enable packet capture
netsh trace start capture=yes tracefile=C:Tracesqos_trace.etl

# Generate test traffic (e.g., copy a file)
Copy-Item -Path "C:TestFile.dat" -Destination "\server01share" -Force

# Stop capture
netsh trace stop

# Analyze with Windows Message Analyzer or Wireshark
# In Wireshark, filter: ip.dsfield.dscp == 26 (to see AF31-marked packets)

# Alternatively, use PowerShell to check QoS policy application
Get-NetQosPolicyStatus | Select-Object PolicyName, DSCPAction, AppliedToAdapters

Managing and Removing QoS Policies

# Modify an existing policy (change throttle rate)
Set-NetQosPolicy -Name "Backup-Throttle" -ThrottleRateActionBitsPerSecond 200MB

# Enable or disable a policy
# (QoS policies don't have an explicit enable/disable - remove to disable, recreate to re-enable)

# Remove a specific policy
Remove-NetQosPolicy -Name "Backup-Throttle" -Confirm:$false

# Remove all custom QoS policies
Get-NetQosPolicy | Where-Object { $_.PolicyStore -ne "ActiveStore" } | 
  Remove-NetQosPolicy -Confirm:$false

# View effective policies (merged from all policy stores)
Get-NetQosPolicy -PolicyStore ActiveStore | 
  Select-Object Name, DSCPAction, ThrottleRateActionBitsPerSecond | Format-Table

Monitoring QoS Policy Effectiveness

# Monitor traffic throttling with Performance Monitor
$counters = @(
    "Network Interface(*)Bytes Sent/sec",
    "Network Interface(*)Bytes Received/sec",
    "Network QoS Policy(*)Packets Transmitted",
    "Network QoS Policy(*)Packets Transmitted/sec"
)

Get-Counter -Counter $counters -SampleInterval 5 -MaxSamples 12 |
  ForEach-Object {
    $_.CounterSamples | Where-Object { $_.CookedValue -gt 0 } |
    Select-Object Path, CookedValue
  } | Format-Table -AutoSize

QoS policies are most effective when they are applied consistently across all servers and when the network infrastructure (switches and routers) is configured to honor DSCP markings. Work with your network team to configure DSCP trust on switch ports connected to Windows Server 2019 hosts, and verify end-to-end that DSCP values are preserved across the path from source to destination. Without switch-level DSCP honoring, Windows QoS policies will still throttle outbound traffic but the DSCP markings may be stripped at the first hop.