Group Policy Reference
A comprehensive Microsoft Windows Group Policy reference — searchable database of GPO settings with registry paths, supported OS versions, configuration steps, security implications, and real-world use cases. Built for sysadmins managing Active Directory, Intune, and standalone Windows.
What is a Group Policy?
A Group Policy Object (GPO) is a configuration setting in Windows that defines how computers and user accounts behave. Each policy maps to one or more registry values, applies to a specific scope (Computer or User), and is bundled in an ADMX (Administrative Template) file. This reference indexes Microsoft's ADMX catalog with detailed explanations, registry mappings, and operational guidance you won't find on the official Microsoft Learn pages.
Network access: Remotely accessible registry paths and sub-paths
Specifies registry subtrees remotely accessible. MSPs restrict to prevent remote registry enumeration attacks.
Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Network access: Shares that can be accessed anonymously
Lists shares accessible via NULL sessions. MSPs keep empty to prevent anonymous data access and discovery.
Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Disable WebDAV client
Disables WebDAV client functionality to reduce attack surface and prevent unauthorized remote file access. Recommended for high-security MSP environments.
Computer Configuration > Policies > Administrative Templates > Network > WebDAV
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Configure offline files sync bandwidth
Sets bandwidth throttling for offline files synchronization. Prevents network congestion during sync operations in managed client environments.
Computer Configuration > Policies > Administrative Templates > Network > Offline Files
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Run startup scripts in parallel
Enables parallel processing of multiple startup scripts for improved boot performance in complex provisioning scenarios.
Computer Configuration > Policies > Administrative Templates > System > Scripts
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Enable file caching for network files
Controls the size of offline files cache in kilobytes. Allows configuration of local cache capacity for improved offline performance.
Computer Configuration > Policies > Administrative Templates > Network > Offline Files
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Configure DNS client settings
Sets DNS suffix search list for internal domain resolution. Enables seamless access to internal resources.
Computer Configuration > Policies > Administrative Templates > Network > DNS Client
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Network access: Remotely accessible registry paths
Specifies registry paths remotely accessible. MSPs restrict to only necessary paths to prevent information disclosure.
Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Network access: Insecure guest logons
Allows insecure guest authentication. Setting to 0 requires secure auth. Critical for MSPs preventing credential relay attacks.
Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Slow link mode for offline files
Configures connection speed threshold for offline files slow link detection. Enables efficient sync behavior on slow network connections.
Computer Configuration > Policies > Administrative Templates > Network > Offline Files
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Allow only SDI applications
Enables or disables offline file caching for network shares. Important for laptop users and remote workers requiring offline access.
Computer Configuration > Policies > Administrative Templates > Network > Offline Files
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Configure network drive cache behavior
Enables or disables offline file caching system-wide. Essential for remote worker support and business continuity in MSP-managed networks.
Computer Configuration > Policies > Administrative Templates > Network > Offline Files
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Run startup scripts asynchronously
Allows startup scripts to run in parallel for faster boot times. Improves user experience while running multiple provisioning scripts.
Computer Configuration > Policies > Administrative Templates > System > Scripts
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Set offline files synchronization warning threshold
Defines maximum age in minutes for offline files before warning user. Ensures critical data is synchronized in timely manner.
Computer Configuration > Policies > Administrative Templates > Network > Offline Files
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Display startup script processing messages
Shows script processing messages during startup. Set to 0 for production environments to avoid startup delays and user confusion.
Computer Configuration > Policies > Administrative Templates > System > Scripts
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Maximum wait time for startup scripts
Sets maximum time in seconds to wait for startup scripts to complete before user logon timeout. Critical for MSP script deployment timing.
Computer Configuration > Policies > Administrative Templates > System > Scripts
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Maximum wait time for shutdown scripts
Sets maximum time in seconds to wait for shutdown scripts. Balances thorough execution with preventing indefinite shutdown delays.
Computer Configuration > Policies > Administrative Templates > System > Scripts
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Allow Windows to shutdown without logging in
Permits shutdown scripts to run without requiring user logon. Essential for automated maintenance and patch deployment workflows.
Computer Configuration > Policies > Administrative Templates > System > Scripts
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Run shutdown scripts asynchronously
Controls parallel execution of shutdown scripts. Disabled to ensure proper shutdown sequence for critical cleanup operations.
Computer Configuration > Policies > Administrative Templates > System > Scripts
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Process Group Policy asynchronously
Controls synchronous processing of Group Policy. Disable async to ensure policies apply in correct order during startup.
Computer Configuration > Policies > Administrative Templates > System > Group Policy
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Specify script execution timeout for non-interactive logon
Sets timeout in seconds for scripts running during non-interactive system startup. Prevents runaway scripts from blocking boot.
Computer Configuration > Policies > Administrative Templates > System > Scripts
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Allow execution of startup scripts with partial GPO scope
Controls whether startup scripts execute if Group Policy cannot be fully applied. Set to 0 to enforce complete policy enforcement.
Computer Configuration > Policies > Administrative Templates > System > Scripts
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Configure proxy server settings
Sets centralized proxy configuration for internet traffic. Enables MSPs to enforce corporate proxy and content filtering policies.
Computer Configuration > Policies > Administrative Templates > Windows Components > Internet Explorer
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Configure Application Guard for Edge
Enables Application Guard isolated browsing for Microsoft Edge. Protects against malicious websites by isolating them in containers.
Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Defender Application Guard
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →