Group Policy Reference
A comprehensive Microsoft Windows Group Policy reference — searchable database of GPO settings with registry paths, supported OS versions, configuration steps, security implications, and real-world use cases. Built for sysadmins managing Active Directory, Intune, and standalone Windows.
What is a Group Policy?
A Group Policy Object (GPO) is a configuration setting in Windows that defines how computers and user accounts behave. Each policy maps to one or more registry values, applies to a specific scope (Computer or User), and is bundled in an ADMX (Administrative Template) file. This reference indexes Microsoft's ADMX catalog with detailed explanations, registry mappings, and operational guidance you won't find on the official Microsoft Learn pages.
Enable Windows NTP Client
Enables the Windows NTP client service. Essential for maintaining accurate system time across MSP-managed infrastructure.
Computer Configuration > Administrative Templates > System > Windows Time Service > Time Providers
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Enable Windows NTP Server
Enables domain controllers to act as NTP servers. Essential for MSPs with domain-based time infrastructure.
Computer Configuration > Administrative Templates > System > Windows Time Service > Time Providers
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Disable Windows Error Reporting
Disables automatic error reporting to Microsoft. Prevents sensitive data leakage for MSP compliance requirements.
Computer Configuration > Administrative Templates > Windows Components > Windows Error Reporting
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Configure maximum positive time correction
Limits maximum positive time adjustment to 2 days. Prevents excessive time jumps from corrupting MSP operations.
Computer Configuration > Administrative Templates > System > Windows Time Service > Time Providers
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Configure NTP client minimum poll interval
Sets minimum poll interval to 64 seconds. Balances accuracy and network load for MSP infrastructure.
Computer Configuration > Administrative Templates > System > Windows Time Service > Time Providers
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Enable automatic repair on boot
Enables automatic repair on startup failures. Reduces downtime for MSP-managed systems.
Computer Configuration > Administrative Templates > System > Recovery
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Disable Windows NTP announcements
Disables NTP announcements from non-authoritative sources. Prevents unauthorized time sources in MSP networks.
Computer Configuration > Administrative Templates > System > Windows Time Service > Global Configuration Settings
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Configure corporate error reporting server
Routes error reports to internal MSP server instead of Microsoft. Allows centralized crash analysis and compliance.
Computer Configuration > Administrative Templates > Windows Components > Windows Error Reporting
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Configure WER queue behavior
Queues reports instead of sending immediately. Reduces network impact for MSP-managed systems.
Computer Configuration > Administrative Templates > Windows Components > Windows Error Reporting
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →LDAP channel binding token requirements
Enforce LDAP channel binding on domain controllers to prevent LDAP relay attacks. Setting to 2 enforces channel binding requirements. Essential for MSPs protecting against modern authentication attacks.
Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Turn off System Restore
Disables System Restore to free disk space. MSPs typically use backup solutions instead of System Restore.
Computer Configuration > Administrative Templates > System > System Restore
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Set error reporting consent level
Requires explicit user consent for error reporting. Prevents automatic crash data transmission from MSP clients.
Computer Configuration > Administrative Templates > Windows Components > Windows Error Reporting
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Disable automatic data collection for known issues
Prevents automatic data collection for known problems. Reduces privacy exposure for MSP clients.
Computer Configuration > Administrative Templates > Windows Components > Windows Error Reporting
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Configure error report upload frequency
Controls how often queued reports are uploaded. MSPs can reduce network impact by decreasing frequency.
Computer Configuration > Administrative Templates > Windows Components > Windows Error Reporting
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Prevent Windows from automatically sending diagnostic data
Disables telemetry data collection. Essential for MSP privacy compliance and reducing data exfiltration.
Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Limit error report archive depth
Limits stored error reports to conserve disk space. Prevents storage exhaustion on MSP-managed systems.
Computer Configuration > Administrative Templates > Windows Components > Windows Error Reporting
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Allow floppy copy of Recovery Console
Prevents copying Recovery Console to removable media. Protects against unauthorized system recovery attempts.
Computer Configuration > Administrative Templates > System > Recovery Console
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Prevent access to Safe Mode
Blocks access to Safe Mode boot options. Prevents unauthorized troubleshooting on MSP-managed systems.
Computer Configuration > Administrative Templates > System > Options
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Prevent creation of diagnostic memory dumps
Disables automatic crash dump generation to save disk space. MSPs can enable selectively when debugging.
Computer Configuration > Administrative Templates > System > Startup and Recovery
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Enable disk quotas
Enables disk quota enforcement on NTFS volumes. Essential for MSPs managing shared storage and preventing runaway disk usage.
Computer Configuration > Administrative Templates > System > Disk Quotas
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Set default disk quota warning level
Triggers warning at 750MB before hitting quota. Gives MSP users time to clean up before quota enforcement.
Computer Configuration > Administrative Templates > System > Disk Quotas
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Prevent System Restore configuration changes
Prevents users from modifying System Restore settings. Ensures MSP-controlled system recovery policies.
Computer Configuration > Administrative Templates > System > System Restore
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Allow recovery console access
Permits Recovery Console access for authorized administrators. Critical for MSP emergency system recovery.
Computer Configuration > Administrative Templates > System > Recovery Console
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Configure crash dump location
Specifies where crash dumps are saved. Allows MSPs to collect dumps for analysis.
Computer Configuration > Administrative Templates > System > Startup and Recovery
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →