Group Policy Reference
A comprehensive Microsoft Windows Group Policy reference — searchable database of GPO settings with registry paths, supported OS versions, configuration steps, security implications, and real-world use cases. Built for sysadmins managing Active Directory, Intune, and standalone Windows.
What is a Group Policy?
A Group Policy Object (GPO) is a configuration setting in Windows that defines how computers and user accounts behave. Each policy maps to one or more registry values, applies to a specific scope (Computer or User), and is bundled in an ADMX (Administrative Template) file. This reference indexes Microsoft's ADMX catalog with detailed explanations, registry mappings, and operational guidance you won't find on the official Microsoft Learn pages.
Control Use of the Autofill Feature for Addresses
Controls whether Edge autofills address information.
Computer Configuration > Administrative Templates > Microsoft Edge
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Silently Sign In Users to the OneDrive Sync App with Windows Credentials
Automatically signs users into OneDrive using their Windows credentials. Enables seamless SSO.
Computer Configuration > Administrative Templates > OneDrive
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Allow Syncing OneDrive Accounts for Only Specific Organizations
Restricts OneDrive sync to only your organization tenant. Prevents data exfiltration to personal tenants.
Computer Configuration > Administrative Templates > OneDrive
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Control Use of the Autofill Feature for Credit Cards
Prevents Edge from storing and autofilling credit card information.
Computer Configuration > Administrative Templates > Microsoft Edge
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Prevent Users from Syncing Personal OneDrive Accounts
Prevents users from syncing personal (non-work) OneDrive accounts on corporate devices.
Computer Configuration > Administrative Templates > OneDrive
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Disable Windows Consumer Features
Disables consumer features such as app suggestions and third-party app recommendations in the Start Menu.
Computer Configuration > Administrative Templates > Windows Components > Cloud Content
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Turn Off Microsoft Consumer Experiences
Prevents Microsoft from suggesting third-party content in Windows.
Computer Configuration > Administrative Templates > Windows Components > Cloud Content
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Allow Telemetry
Controls how much diagnostic data is sent to Microsoft. A value of 0 requires Windows Enterprise/Education.
Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Password Settings (LAPS)
Sets password complexity for LAPS-managed local admin passwords.
Computer Configuration > Administrative Templates > System > LAPS
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Allow Cortana Above Lock Screen
Prevents Cortana from being accessible on the lock screen.
Computer Configuration > Administrative Templates > Windows Components > Search
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Clear History of Recently Opened Documents on Exit
Clears the list of recently opened documents when the user logs off.
User Configuration > Administrative Templates > Start Menu and Taskbar
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Hide Specified Control Panel Items
Hides specific Control Panel applets by name.
User Configuration > Administrative Templates > Control Panel
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Turn Off Location
Disables the Windows location platform.
Computer Configuration > Administrative Templates > Windows Components > Location and Sensors
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Remove Run Menu from Start Menu
Removes the Run command from the Start Menu and keyboard shortcut.
User Configuration > Administrative Templates > Start Menu and Taskbar
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Turn Off Advertising ID
Disables the per-user advertising ID used by apps for targeted advertising.
Computer Configuration > Administrative Templates > System > User Profiles
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Turn Off Windows Error Reporting
Prevents crash dumps and error reports from being sent to Microsoft.
Computer Configuration > Administrative Templates > Windows Components > Windows Error Reporting
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Prohibit Access to Control Panel and PC Settings
Completely blocks access to Control Panel and Settings app.
User Configuration > Administrative Templates > Control Panel
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Let Apps Access Contacts
Controls whether apps can access the contacts list.
Computer Configuration > Administrative Templates > Windows Components > App Privacy
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Do Not Allow Password Expiration Time Longer Than Required by Policy
Prevents extending LAPS password expiration beyond what policy allows.
Computer Configuration > Administrative Templates > System > LAPS
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Let Apps Access Location
Controls whether apps can access location data.
Computer Configuration > Administrative Templates > Windows Components > App Privacy
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Remote Assistance: Maximum Ticket Time
Limits how long a Remote Assistance invitation remains valid. Minimize to reduce the exposure window.
Computer Configuration > Administrative Templates > System > Remote Assistance
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Enable Local Admin Password Management
Enables LAPS to manage the local Administrator account password. Prevents lateral movement via shared local admin passwords.
Computer Configuration > Administrative Templates > System > LAPS
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Password Age (LAPS)
Sets how often LAPS rotates the local admin password.
Computer Configuration > Administrative Templates > System > LAPS
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Deny Log On Locally
Explicitly prevents specified accounts from logging on interactively.
Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment
Supported on Windows 10, Windows 11, Windows Server 2016 and later
