Group Policy Reference
A comprehensive Microsoft Windows Group Policy reference — searchable database of GPO settings with registry paths, supported OS versions, configuration steps, security implications, and real-world use cases. Built for sysadmins managing Active Directory, Intune, and standalone Windows.
What is a Group Policy?
A Group Policy Object (GPO) is a configuration setting in Windows that defines how computers and user accounts behave. Each policy maps to one or more registry values, applies to a specific scope (Computer or User), and is bundled in an ADMX (Administrative Template) file. This reference indexes Microsoft's ADMX catalog with detailed explanations, registry mappings, and operational guidance you won't find on the official Microsoft Learn pages.
Prevent Changing Screen Saver
Prevents users from changing screen saver settings.
User Configuration > Administrative Templates > Control Panel > Personalization
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Enable Screen Saver
Enables the screen saver. Required for screen saver timeout policies to apply.
User Configuration > Administrative Templates > Control Panel > Personalization
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Force Specific Screen Saver
Forces a specific screen saver. Use blank for performance.
User Configuration > Administrative Templates > Control Panel > Personalization
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Password Protect the Screen Saver
Requires password to unlock from screen saver.
User Configuration > Administrative Templates > Control Panel > Personalization
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Screen Saver Timeout
Time in seconds before the screen saver activates.
User Configuration > Administrative Templates > Control Panel > Personalization
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Do Not Keep History of Recently Opened Documents
Prevents Windows from tracking recently opened files.
User Configuration > Administrative Templates > Start Menu and Taskbar
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Clear History of Recently Opened Documents on Exit
Clears recently opened documents list when user logs off.
User Configuration > Administrative Templates > Start Menu and Taskbar
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Hide Specified Control Panel Items
Hides specific Control Panel applets by name.
User Configuration > Administrative Templates > Control Panel
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Remove Run Menu from Start Menu
Removes the Run command from the Start Menu and keyboard shortcut.
User Configuration > Administrative Templates > Start Menu and Taskbar
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Prohibit Access to Control Panel and PC Settings
Completely blocks access to Control Panel and Settings app.
User Configuration > Administrative Templates > Control Panel
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Remove Access to the Context Menus for the Taskbar
Disables right-clicking on the taskbar.
User Configuration > Administrative Templates > Start Menu and Taskbar
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Prohibit Changes to Display Settings
Prevents users from changing display settings.
User Configuration > Administrative Templates > Control Panel > Display
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Redirect Desktop Folder
Redirects the Desktop folder to a network location for backup and roaming.
User Configuration > Windows Settings > Folder Redirection > Desktop
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Grant User Exclusive Rights to Redirected Folders
Ensures only the user and administrators have access to their redirected folder.
User Configuration > Windows Settings > Folder Redirection > [any folder] > Settings
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Redirect AppData (Roaming) Folder
Redirects application data for roaming profiles.
User Configuration > Windows Settings > Folder Redirection > AppData (Roaming)
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Protected View for all document types
Opens potentially risky Office documents in read-only sandboxed mode. Reduces exploit surface for zero-day vulnerabilities in Office.
User Configuration > Policies > Administrative Templates > Microsoft Office 2016 > Security Settings > Protected View
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Block execution of potentially unsafe macros
Blocks all macros without notification. Prevents malware execution via Office documents. Critical for MSP-managed environments handling untrusted documents.
User Configuration > Policies > Administrative Templates > Microsoft Office 2016 > Security Settings > Trust Center
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Trusted Locations for Office files
Designates safe locations where Office files execute without security warnings. Reduces helpdesk tickets for legitimate business documents while maintaining security posture.
User Configuration > Policies > Administrative Templates > Microsoft Office 2016 > Security Settings > Trust Center > Trusted Locations
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Disable all add-ins except approved list
Prevents unauthorized Office add-ins that could exfiltrate data or inject malware. Essential for compliance in regulated industries.
User Configuration > Policies > Administrative Templates > Microsoft Office 2016 > Security Settings > Trust Center > Add-in Management
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Block external content in Office
Prevents automatic loading of images, videos, and linked content from external sources. Blocks tracking pixels and reduces phishing effectiveness.
User Configuration > Policies > Administrative Templates > Microsoft Office 2016 > Security Settings > External Content
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Outlook cached exchange mode retention
Controls how many days of mail are cached offline. Reduces mailbox size while maintaining offline access for mobile and remote workers.
User Configuration > Policies > Administrative Templates > Microsoft Outlook 2016 > Outlook Options > Synchronization
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Disable PowerPoint Show file execution
Blocks automatic execution of .pps and .ppsx files which bypass safety controls. Reduces attack surface for presentation-based malware.
User Configuration > Policies > Administrative Templates > Microsoft PowerPoint 2016 > Security
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Disable Outlook external sharing
Forces calendar sharing through SharePoint instead of direct exports. Prevents accidental disclosure of sensitive schedule information.
User Configuration > Policies > Administrative Templates > Microsoft Outlook 2016 > Security
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →Redirect Documents Folder
Redirects My Documents to a network location. Ensures user data is backed up.
User Configuration > Windows Settings > Folder Redirection > Documents
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Read reference →