Windows GPO Reference
A complete reference for Microsoft Windows Group Policy: a searchable database of GPO settings with registry paths, supported Windows versions, configuration steps, security implications and real-world use cases. Designed for administrators managing Active Directory, Intune and standalone Windows.
What is a Group Policy?
A Group Policy Object (GPO) is a Windows configuration setting that defines the behaviour of computers and user accounts. Each policy corresponds to one or more registry values, applies to a specific scope (Computer or User) and is delivered in an ADMX file (administrative template). This reference indexes Microsoft's ADMX catalogue with detailed explanations, registry mappings and operational guidance not found on the official Microsoft Learn pages.
Block non-Store applications
Restricts execution to Store apps only. Applies security policy for highly restricted environments like kiosks or healthcare facilities.
Computer Configuration > Policies > Windows Components > App Package Deployment
Supported on Windows 10, Windows 11, Windows Server 2016 and later
See the reference →
Set download mode for bandwidth management
Controls whether devices download from peers, Microsoft servers, or both. Setting to 2 (Group Download) reduces WAN bandwidth by caching updates locally.
Computer Configuration > Policies > Administrative Templates > Windows Components > Delivery Optimization
Supported on Windows 10, Windows 11, Windows Server 2016 and later
See the reference →
Configure Delivery Optimization group ID
Groups devices for peer caching across office locations. Reduces bandwidth costs by allowing local P2P sharing between branch sites.
Computer Configuration > Policies > Administrative Templates > Windows Components > Delivery Optimization
Supported on Windows 10, Windows 11, Windows Server 2016 and later
See the reference →
Disable Store app suggestions and notifications
Removes promotional content and update suggestions from Store. Reduces noise and prevents accidental installs of recommended apps.
Computer Configuration > Policies > Administrative Templates > Windows Components > Store
Supported on Windows 10, Windows 11, Windows Server 2016 and later
See the reference →
Restrict peer connections to domain networks only
Limits peering to internal network only. Prevents sensitive updates from being downloaded via untrusted internet peers.
Computer Configuration > Policies > Administrative Templates > Windows Components > Delivery Optimization
Supported on Windows 10, Windows 11, Windows Server 2016 and later
See the reference →
Disable automatic Store app updates
Requires manual approval for Store app updates. Allows MSPs to control update timing and test compatibility before deployment.
Computer Configuration > Policies > Administrative Templates > Windows Components > Store
Supported on Windows 10, Windows 11, Windows Server 2016 and later
See the reference →
Enable Automatic Updates through Windows Update for Business
Enables automatic update installation. Ensures all endpoints maintain current security patches.
Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Update
Supported on Windows 10, Windows 11, Windows Server 2016 and later
See the reference →
Restrict app installation to enterprise catalog
Routes Store access to managed business catalog. Enables controlled app distribution with licensing and compliance tracking.
Computer Configuration > Policies > Administrative Templates > Windows Components > Store
Supported on Windows 10, Windows 11, Windows Server 2016 and later
See the reference →
Disable Store app background updates
Prevents Store apps from updating in background. Reduces unexpected bandwidth usage and system resource consumption.
Computer Configuration > Policies > Administrative Templates > Windows Components > Store
Supported on Windows 10, Windows 11, Windows Server 2016 and later
See the reference →
Prevent sideloading of Store apps
Blocks installation of Store apps from external sources. Prevents trojanized app packages from compromising endpoints.
Computer Configuration > Policies > Administrative Templates > Windows Components > App Package Deployment
Supported on Windows 10, Windows 11, Windows Server 2016 and later
See the reference →
Set restart deadline for feature updates
Forces restart 14 days after update availability if the user has ignored notifications. Prevents perpetually unpatched systems.
Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Update for Business
Supported on Windows 10, Windows 11, Windows Server 2016 and later
See the reference →
Configure WSUS server for DO updates
Mode 3 enables local server caching for enterprises using WSUS. Integrates DO with existing update infrastructure.
Computer Configuration > Policies > Administrative Templates > Windows Components > Delivery Optimization
Supported on Windows 10, Windows 11, Windows Server 2016 and later
See the reference →
Enable DO telemetry collection for monitoring
Allows Microsoft to collect DO efficiency metrics. Helps MSPs identify bandwidth savings and P2P effectiveness.
Computer Configuration > Policies > Administrative Templates > Windows Components > Delivery Optimization
Supported on Windows 10, Windows 11, Windows Server 2016 and later
See the reference →
Set maximum upload bandwidth as percentage
Limits upload bandwidth for P2P sharing to 20% of connection. Prevents DO from consuming all available bandwidth during business hours.
Computer Configuration > Policies > Administrative Templates > Windows Components > Delivery Optimization
Supported on Windows 10, Windows 11, Windows Server 2016 and later
See the reference →
Set cache size on local drive
Controls percentage of disk space used for caching downloaded updates. Higher cache reduces redundant downloads from peer devices.
Computer Configuration > Policies > Administrative Templates > Windows Components > Delivery Optimization
Supported on Windows 10, Windows 11, Windows Server 2016 and later
See the reference →
Set minimum peer connection delay
Devices must cache updates for 3 days minimum before sharing. Ensures stability and reduces troubleshooting from pushing untested updates.
Computer Configuration > Policies > Administrative Templates > Windows Components > Delivery Optimization
Supported on Windows 10, Windows 11, Windows Server 2016 and later
See the reference →
Limit DO connections to specific network adapter
Restricts peer caching to wired connections only. Preserves mobile data for remote workers and prevents metering penalties.
Computer Configuration > Policies > Administrative Templates > Windows Components > Delivery Optimization
Supported on Windows 10, Windows 11, Windows Server 2016 and later
See the reference →
Disable peer caching over VPN
Blocks P2P sharing over VPN connections. Prevents updates from being uploaded across remote worker connections.
Computer Configuration > Policies > Administrative Templates > Windows Components > Delivery Optimization
Supported on Windows 10, Windows 11, Windows Server 2016 and later
See the reference →
Set maximum download bandwidth in MB/s
Limits download speed to 50 MB/s to prevent network saturation. Ensures business applications maintain performance during updates.
Computer Configuration > Policies > Administrative Templates > Windows Components > Delivery Optimization
Supported on Windows 10, Windows 11, Windows Server 2016 and later
See the reference →
Set feature update deferral period
Delays major Windows updates by 180 days. Allows testing in lab environments before deploying to production client base.
Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Update for Business
Supported on Windows 10, Windows 11, Windows Server 2016 and later
See the reference →
Disable Windows Update telemetry
Disables compatibility and usage data collection during updates. Required for HIPAA and GDPR compliance.
Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Update for Business
Supported on Windows 10, Windows 11, Windows Server 2016 and later
See the reference →
Set download mode for metered connections
Restricts downloading to Microsoft servers only when on metered networks. Prevents expensive data overages for mobile users.
Computer Configuration > Policies > Administrative Templates > Windows Components > Delivery Optimization
Supported on Windows 10, Windows 11, Windows Server 2016 and later
See the reference →
Set quality update deferral period
Delays security patches by 14 days for early compatibility testing. Balances security against stability in critical infrastructure.
Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Update for Business
Supported on Windows 10, Windows 11, Windows Server 2016 and later
See the reference →
Enable certificate auto-renewal
Automatically renews certificates before expiration. Prevents certificate expiration outages in production environments.
Computer Configuration > Policies > Windows Settings > Security Settings > Public Key Policies > Certificate Services Client - Auto-Enrollment
Supported on Windows 10, Windows 11, Windows Server 2016 and later
See the reference →
