Group Policy Reference
A comprehensive Microsoft Windows Group Policy reference — searchable database of GPO settings with registry paths, supported OS versions, configuration steps, security implications, and real-world use cases. Built for sysadmins managing Active Directory, Intune, and standalone Windows.
What is a Group Policy?
A Group Policy Object (GPO) is a configuration setting in Windows that defines how computers and user accounts behave. Each policy maps to one or more registry values, applies to a specific scope (Computer or User), and is bundled in an ADMX (Administrative Template) file. This reference indexes Microsoft's ADMX catalog with detailed explanations, registry mappings, and operational guidance you won't find on the official Microsoft Learn pages.
Enable Compatibility View for intranet sites
Automatically enables compatibility mode for intranet sites. Required for legacy LOB applications not compatible with modern IE rendering.
User Configuration > Policies > Administrative Templates > Windows Components > Internet Explorer > Compatibility View
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Maximum wait time for logon scripts
Sets maximum time in seconds for logon scripts to complete. Prevents excessive logon delays in MSP-managed environments.
User Configuration > Policies > Administrative Templates > System > Scripts
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Restrict file download security warnings
Controls file download validation and warnings. Prevents users from bypassing security checks on downloaded files.
User Configuration > Policies > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Configure security zones for trusted sites
Adds sites to trusted security zone with relaxed restrictions. Essential for MSP support of internal LOB applications requiring specific security context.
User Configuration > Policies > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Prevent users from changing security zone settings
Locks down security zone configuration preventing user modification. Enforces MSP security policies on client workstations.
User Configuration > Policies > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Disable changing proxy settings
Prevents users from modifying proxy configuration. Ensures consistent network traffic routing in MSP environments.
User Configuration > Policies > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Connection Page
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Disable managing certificate stores
Prevents users from managing SSL certificates. Protects certificate infrastructure in secured MSP environments.
User Configuration > Policies > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Disable script debugging
Disables script debugging functionality to reduce attack surface. Prevents users from inspecting or modifying active scripts.
User Configuration > Policies > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Advanced Page
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Configure default File Explorer folder view
Sets default folder view to Details for all users. Provides consistent and detailed file information display.
User Configuration > Policies > Administrative Templates > Windows Components > File Explorer
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Allow user certificate installation
Prevents user installation of untrusted certificates. Enforces centralized certificate management in MSP-controlled environments.
User Configuration > Policies > Windows Settings > Security Settings > Public Key Policies > Trusted Publishers
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Prevent users from changing wallpaper
Locks wallpaper to prevent user modifications. Maintains corporate branding and desktop consistency.
User Configuration > Policies > Administrative Templates > Desktop > Desktop
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Prevent theme changes
Locks theme selection preventing user modifications. Enforces consistent visual appearance across organization.
User Configuration > Policies > Administrative Templates > Desktop > Personalization
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Disable desktop cleanup
Disables desktop cleanup wizard to prevent accidental file removal. Protects user files on shared or kiosk devices.
User Configuration > Policies > Administrative Templates > Desktop > Desktop Cleanup Wizard
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Show hidden files enforcement
Enforces display of hidden files system-wide. Enables visibility of system files for troubleshooting in MSP support scenarios.
User Configuration > Policies > Administrative Templates > Windows Components > File Explorer
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Disable screen saver settings changes
Locks screen saver settings to prevent user modification. Enforces security timeout and screen saver policies.
User Configuration > Policies > Administrative Templates > Control Panel > Display
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Configure Start menu layout
Deploys custom Start menu layout to all users. Simplifies access to required applications and reduces support calls.
User Configuration > Policies > Administrative Templates > Start Menu and Taskbar
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Prevent access to Settings app
Blocks access to Windows Settings application. Prevents users from modifying device configuration in restricted environments.
User Configuration > Policies > Administrative Templates > System > Group Policy
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Disable context menu customization
Prevents users from accessing right-click context menu in File Explorer. Restricts access to sensitive options.
User Configuration > Policies > Administrative Templates > Windows Components > File Explorer
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Pin applications to taskbar
Pre-pins required applications to taskbar. Ensures critical business applications are always accessible to users.
User Configuration > Policies > Administrative Templates > Start Menu and Taskbar
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Prevent access to drives via My Computer
Prevents opening specified drives in Windows Explorer. Enforces data compartmentalization in secure environments.
User Configuration > Policies > Administrative Templates > Windows Components > File Explorer
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Remove notification area items
Hides specified system tray icons from notification area. Reduces visual clutter and prevents user access to disabled features.
User Configuration > Policies > Administrative Templates > Start Menu and Taskbar > Notification Area
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Hide Control Panel
Hides Control Panel from Start menu and File Explorer. Restricts user access to system settings in locked-down environments.
User Configuration > Policies > Administrative Templates > Control Panel
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Prevent adding files to Quick Access
Disables Quick Access feature in File Explorer. Ensures consistent folder navigation and prevents shortcut proliferation.
User Configuration > Policies > Administrative Templates > Windows Components > File Explorer
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Show file extension display enforcement
Forces display of file extensions for all files. Prevents users from being tricked by malicious executable files.
User Configuration > Policies > Administrative Templates > Windows Components > File Explorer
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →