Group Policy Reference
A comprehensive Microsoft Windows Group Policy reference — searchable database of GPO settings with registry paths, supported OS versions, configuration steps, security implications, and real-world use cases. Built for sysadmins managing Active Directory, Intune, and standalone Windows.
What is a Group Policy?
A Group Policy Object (GPO) is a configuration setting in Windows that defines how computers and user accounts behave. Each policy maps to one or more registry values, applies to a specific scope (Computer or User), and is bundled in an ADMX (Administrative Template) file. This reference indexes Microsoft's ADMX catalog with detailed explanations, registry mappings, and operational guidance you won't find on the official Microsoft Learn pages.
Set power button action for AC power
Defines power button behavior on AC power. MSPs typically set to Sleep to prevent accidental shutdowns.
Computer Configuration > Administrative Templates > System > Power Management > Power Button Settings
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Configure NTP server
Specifies NTP server(s) for time synchronization. MSPs should configure reliable, redundant NTP sources.
Computer Configuration > Administrative Templates > System > Windows Time Service > Time Providers
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Require password upon wakeup from sleep
Forces password entry after system wake. Essential for MSP security compliance on unattended systems.
Computer Configuration > Administrative Templates > System > Power Management > Sleep Settings
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Turn off sleep when closing lid on AC power
Prevents sleep when lid closes on AC power. Allows users to close laptops while maintaining active sessions.
Computer Configuration > Administrative Templates > System > Power Management > Lid Close Action
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Domain Controller: Refuse machine account password changes
Controls whether domain controllers refuse machine account password changes. Keep at 0 to allow legitimate password rotation. Important for MSPs managing domain security without disrupting trust relationships.
Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Configure maximum negative time correction
Limits maximum negative time adjustment to 2 days. Prevents backward time jumps affecting MSP audit trails.
Computer Configuration > Administrative Templates > System > Windows Time Service > Time Providers
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Network security: Do not store LAN Manager hash on next password change
Prevents storage of LM hashes on password change. Setting to 1 disables LM storage. Essential for MSPs eliminating weak authentication material.
Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Disable wake timers
Prevents scheduled wake events. Reduces unexpected wake-ups that interfere with MSP support schedules.
Computer Configuration > Administrative Templates > System > Power Management > Sleep Settings
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Turn off USB selective suspend
Disables USB suspend to prevent device disconnection. Ensures USB devices remain active for MSP support tools.
Computer Configuration > Administrative Templates > System > Power Management > USB Settings
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Configure Windows NTP Type
Sets NTP client type to use NTP instead of domain controller. Provides more accurate time synchronization for MSP clients.
Computer Configuration > Administrative Templates > System > Windows Time Service > Time Providers
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Configure NTP client maximum poll interval
Sets maximum poll interval to 1024 seconds. Reduces NTP traffic while maintaining time accuracy for MSP systems.
Computer Configuration > Administrative Templates > System > Windows Time Service > Time Providers
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Allow wake on network for remote management
Enables Wake-on-LAN for remote management. Critical for MSPs performing after-hours patching and support.
Computer Configuration > Administrative Templates > System > Power Management > Sleep Settings
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Configure NTP server special poll interval
Sets NTP server polling interval. Ensures consistent time distribution across MSP domain.
Computer Configuration > Administrative Templates > System > Windows Time Service > Time Providers
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Configure standby timeout on AC power
Sets sleep timeout to 30 minutes on AC power. Balances energy savings with MSP support availability.
Computer Configuration > Administrative Templates > System > Power Management > Sleep Settings
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Enable Windows NTP Client
Enables the Windows NTP client service. Essential for maintaining accurate system time across MSP-managed infrastructure.
Computer Configuration > Administrative Templates > System > Windows Time Service > Time Providers
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Enable Windows NTP Server
Enables domain controllers to act as NTP servers. Essential for MSPs with domain-based time infrastructure.
Computer Configuration > Administrative Templates > System > Windows Time Service > Time Providers
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Disable Windows Error Reporting
Disables automatic error reporting to Microsoft. Prevents sensitive data leakage for MSP compliance requirements.
Computer Configuration > Administrative Templates > Windows Components > Windows Error Reporting
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Configure maximum positive time correction
Limits maximum positive time adjustment to 2 days. Prevents excessive time jumps from corrupting MSP operations.
Computer Configuration > Administrative Templates > System > Windows Time Service > Time Providers
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Configure NTP client minimum poll interval
Sets minimum poll interval to 64 seconds. Balances accuracy and network load for MSP infrastructure.
Computer Configuration > Administrative Templates > System > Windows Time Service > Time Providers
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Enable automatic repair on boot
Enables automatic repair on startup failures. Reduces downtime for MSP-managed systems.
Computer Configuration > Administrative Templates > System > Recovery
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Remove Run menu from Start menu
Hides Run menu to limit user actions. Restricts access to tools that could bypass MSP controls.
Computer Configuration > Administrative Templates > Windows Components > Windows Logon Options
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Disable Windows NTP announcements
Disables NTP announcements from non-authoritative sources. Prevents unauthorized time sources in MSP networks.
Computer Configuration > Administrative Templates > System > Windows Time Service > Global Configuration Settings
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Configure corporate error reporting server
Routes error reports to internal MSP server instead of Microsoft. Allows centralized crash analysis and compliance.
Computer Configuration > Administrative Templates > Windows Components > Windows Error Reporting
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Configure WER queue behavior
Queues reports instead of sending immediately. Reduces network impact for MSP-managed systems.
Computer Configuration > Administrative Templates > Windows Components > Windows Error Reporting
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →