Group Policy Reference
A comprehensive Microsoft Windows Group Policy reference — searchable database of GPO settings with registry paths, supported OS versions, configuration steps, security implications, and real-world use cases. Built for sysadmins managing Active Directory, Intune, and standalone Windows.
What is a Group Policy?
A Group Policy Object (GPO) is a configuration setting in Windows that defines how computers and user accounts behave. Each policy maps to one or more registry values, applies to a specific scope (Computer or User), and is bundled in an ADMX (Administrative Template) file. This reference indexes Microsoft's ADMX catalog with detailed explanations, registry mappings, and operational guidance you won't find on the official Microsoft Learn pages.
RPC: Restrict Unauthenticated RPC clients
Prevents unauthenticated RPC clients from connecting to the computer. Setting to 1 denies NULL sessions. Essential for MSPs blocking anonymous RPC exploitation.
Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →RPC: Enable RPC over named pipes
Controls RPC over named pipes support. Keep enabled for compatibility but combine with authentication settings. MSPs monitor this for security posture.
Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →DCOM: Machine Access Restrictions (Security Descriptor)
Controls DCOM access permissions at machine level. MSPs restrict this to prevent lateral movement via DCOM exploitation on client workstations.
Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →DCOM: Machine Launch Restrictions (Security Descriptor)
Controls who can launch DCOM applications. Restricting prevents attackers from launching DCOM objects for privilege escalation or persistence.
Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Configure RPC connection timeout
Sets RPC connection timeout in milliseconds. Value 30000 forces disconnection after 30 seconds. MSPs use this to prevent resource exhaustion.
Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →WMI: Restrict WMI Remote Access
Controls WMI access control behavior. Default (0) respects WMI namespace security. MSPs audit this to ensure WMI is properly restricted on client systems.
Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →RPC: Restrict Remote RPC Clients
Enforces restrictions on unauthenticated RPC clients connecting remotely. Setting to 1 requires authentication. Critical for MSPs preventing RPC-based lateral movement.
Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →