Group Policy Reference
A comprehensive Microsoft Windows Group Policy reference — searchable database of GPO settings with registry paths, supported OS versions, configuration steps, security implications, and real-world use cases. Built for sysadmins managing Active Directory, Intune, and standalone Windows.
What is a Group Policy?
A Group Policy Object (GPO) is a configuration setting in Windows that defines how computers and user accounts behave. Each policy maps to one or more registry values, applies to a specific scope (Computer or User), and is bundled in an ADMX (Administrative Template) file. This reference indexes Microsoft's ADMX catalog with detailed explanations, registry mappings, and operational guidance you won't find on the official Microsoft Learn pages.
Remove redirected folders on policy removal
Controls whether redirected folders remain on network or are removed when folder redirection policy is deleted. Prevents accidental data loss for MSP-managed environments.
User Configuration > Policies > Administrative Templates > System > Folder Redirection
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Reconnect at logon
Automatically reconnect mapped network drives at user logon. Critical for MSP clients relying on persistent drive mappings for shared resources and file access.
User Configuration > Policies > Administrative Templates > Windows Components > File Sharing
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Slow link mode for offline files
Configures connection speed threshold for offline files slow link detection. Enables efficient sync behavior on slow network connections.
Computer Configuration > Policies > Administrative Templates > Network > Offline Files
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Remove Drive letters for removable media
Hides specified drive letters from File Explorer and My Computer. Enhances security by restricting access to removable media in MSP-managed environments.
User Configuration > Policies > Administrative Templates > Windows Components > File Explorer
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Prevent access to drives via My Computer
Prevents users from accessing specified drive letters through Windows Explorer. Restricts data access to enforce information governance policies.
User Configuration > Policies > Administrative Templates > Windows Components > File Explorer
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Allow only SDI applications
Enables or disables offline file caching for network shares. Important for laptop users and remote workers requiring offline access.
Computer Configuration > Policies > Administrative Templates > Network > Offline Files
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Prohibit user from manually creating offline files
Prevents users from creating offline file shortcuts manually. Enforces centralized offline file management policies in MSP-controlled environments.
User Configuration > Policies > Administrative Templates > Network > Offline Files
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Configure network drive cache behavior
Enables or disables offline file caching system-wide. Essential for remote worker support and business continuity in MSP-managed networks.
Computer Configuration > Policies > Administrative Templates > Network > Offline Files
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Run startup scripts asynchronously
Allows startup scripts to run in parallel for faster boot times. Improves user experience while running multiple provisioning scripts.
Computer Configuration > Policies > Administrative Templates > System > Scripts
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Run logoff scripts asynchronously
Enables asynchronous execution of logoff scripts to speed up logout process without waiting for completion.
User Configuration > Policies > Administrative Templates > System > Scripts
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Set offline files synchronization warning threshold
Defines maximum age in minutes for offline files before warning user. Ensures critical data is synchronized in timely manner.
Computer Configuration > Policies > Administrative Templates > Network > Offline Files
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Display startup script processing messages
Shows script processing messages during startup. Set to 0 for production environments to avoid startup delays and user confusion.
Computer Configuration > Policies > Administrative Templates > System > Scripts
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Maximum wait time for startup scripts
Sets maximum time in seconds to wait for startup scripts to complete before user logon timeout. Critical for MSP script deployment timing.
Computer Configuration > Policies > Administrative Templates > System > Scripts
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Maximum wait time for shutdown scripts
Sets maximum time in seconds to wait for shutdown scripts. Balances thorough execution with preventing indefinite shutdown delays.
Computer Configuration > Policies > Administrative Templates > System > Scripts
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Enable popup blocker
Enables IE popup blocker to prevent malicious popups. Standard security baseline for MSP-managed client environments.
User Configuration > Policies > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Configure SmartScreen for phishing detection
Enables real-time SmartScreen filter for phishing and malware detection. Critical security control for protecting client data and credentials.
User Configuration > Policies > Administrative Templates > Windows Components > Internet Explorer > Phishing Filter
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Run logon scripts visible
Controls visibility of logon script execution window. Keep hidden in production to reduce visual clutter during logon process.
User Configuration > Policies > Administrative Templates > System > Scripts
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Allow Windows to shutdown without logging in
Permits shutdown scripts to run without requiring user logon. Essential for automated maintenance and patch deployment workflows.
Computer Configuration > Policies > Administrative Templates > System > Scripts
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Enable Compatibility View for intranet sites
Automatically enables compatibility mode for intranet sites. Required for legacy LOB applications not compatible with modern IE rendering.
User Configuration > Policies > Administrative Templates > Windows Components > Internet Explorer > Compatibility View
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Run shutdown scripts asynchronously
Controls parallel execution of shutdown scripts. Disabled to ensure proper shutdown sequence for critical cleanup operations.
Computer Configuration > Policies > Administrative Templates > System > Scripts
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Process Group Policy asynchronously
Controls synchronous processing of Group Policy. Disable async to ensure policies apply in correct order during startup.
Computer Configuration > Policies > Administrative Templates > System > Group Policy
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Maximum wait time for logon scripts
Sets maximum time in seconds for logon scripts to complete. Prevents excessive logon delays in MSP-managed environments.
User Configuration > Policies > Administrative Templates > System > Scripts
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Specify script execution timeout for non-interactive logon
Sets timeout in seconds for scripts running during non-interactive system startup. Prevents runaway scripts from blocking boot.
Computer Configuration > Policies > Administrative Templates > System > Scripts
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Restrict file download security warnings
Controls file download validation and warnings. Prevents users from bypassing security checks on downloaded files.
User Configuration > Policies > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →