Group Policy Reference
A comprehensive Microsoft Windows Group Policy reference — searchable database of GPO settings with registry paths, supported OS versions, configuration steps, security implications, and real-world use cases. Built for sysadmins managing Active Directory, Intune, and standalone Windows.
What is a Group Policy?
A Group Policy Object (GPO) is a configuration setting in Windows that defines how computers and user accounts behave. Each policy maps to one or more registry values, applies to a specific scope (Computer or User), and is bundled in an ADMX (Administrative Template) file. This reference indexes Microsoft's ADMX catalog with detailed explanations, registry mappings, and operational guidance you won't find on the official Microsoft Learn pages.
Deny Access to This Computer from the Network
Prevents specified accounts from connecting to this computer over the network.
Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Generate Security Audits
Allows a process to generate audit entries in the security log.
Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Interactive Logon: Message Text for Users Attempting to Log On
Displays a legal notice before logon. Recommended for compliance.
Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Interactive Logon: Do Not Display Last User Name
Prevents the last logged-on username from being displayed at the logon screen.
Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Accounts: Rename Administrator Account
Rename the built-in Administrator account to reduce targeted attacks.
Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
Supported on Windows 10, Windows 11, Windows Server 2016 and later
User Account Control: Behavior of the Elevation Prompt for Administrators
Controls UAC behavior for admin accounts. Value 2 requires credentials at each elevation.
Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Network Security: LAN Manager Authentication Level
Controls which challenge/response authentication protocol is used. Value 5 enforces NTLMv2 and rejects weaker protocols.
Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Maximum Security Log Size
Sets the maximum size of the Security event log. Small logs get overwritten during incidents.
Computer Configuration > Windows Settings > Security Settings > Event Log
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Turn On Real-Time Protection
Ensures real-time scanning is always active.
Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus > Real-Time Protection
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Accounts: Guest Account Status
The built-in Guest account should always remain disabled.
Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
Supported on Windows 10, Windows 11, Windows Server 2016 and later
User Account Control: Virtualize File and Registry Write Failures
Redirects legacy app write failures to per-user locations. Required for UAC compatibility.
Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Shutdown: Allow System to Be Shut Down Without Having to Log On
Controls whether the shutdown button appears on the logon screen.
Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Retention Method for Security Log
Controls what happens when the security log is full. Overwriting destroys forensic evidence.
Computer Configuration > Windows Settings > Security Settings > Event Log
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Configure Controlled Folder Access
Ransomware protection - prevents unauthorized apps from modifying protected folders.
Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus > Microsoft Defender Exploit Guard > Controlled Folder Access
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Network Security: Restrict NTLM: Outgoing NTLM Traffic to Remote Servers
Prevents this machine from sending NTLM authentication to remote servers. Reduces NTLM relay attack exposure.
Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Maximum Application Log Size
Sets the maximum size of the Application event log.
Computer Configuration > Windows Settings > Security Settings > Event Log
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Network Security: Restrict NTLM: NTLM Authentication in This Domain
Controls NTLM authentication within the domain. Moving to Deny blocks legacy NTLM entirely.
Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Turn Off Windows Defender Antivirus
If enabled, disables Defender entirely. Should be Disabled unless a third-party AV manages this.
Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Turn Off Routine Remediation
If enabled, prevents Defender from automatically remediating detected threats.
Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Hypervisor Protected Code Integrity (HVCI)
Enforces kernel code integrity using VBS. Prevents unsigned kernel drivers and code injection.
Computer Configuration > Administrative Templates > System > Device Guard
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Require Additional Authentication at Startup
Required to allow BitLocker without a compatible TPM, or to require a PIN in addition to TPM.
Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Configure Attack Surface Reduction Rules
ASR rules block common attack vectors like Office macros spawning processes, credential theft from LSASS, and ransomware behaviors.
Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus > Microsoft Defender Exploit Guard > Attack Surface Reduction
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Enable Network Protection
Blocks connections to known malicious IPs and domains via SmartScreen.
Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus > Microsoft Defender Exploit Guard > Network Protection
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Deny Log On Locally
Explicitly prevents specified accounts from logging on interactively.
Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment
Supported on Windows 10, Windows 11, Windows Server 2016 and later
