Référence GPO Windows
Une référence complète des stratégies de groupe Microsoft Windows — base de données interrogeable des paramètres GPO avec chemins de registre, versions Windows supportées, étapes de configuration, implications sécurité et cas d'usage concrets. Pensée pour les administrateurs gérant Active Directory, Intune et Windows en autonome.
Qu'est-ce qu'une stratégie de groupe ?
Un objet de stratégie de groupe (GPO) est un paramètre de configuration Windows qui définit le comportement des ordinateurs et des comptes utilisateurs. Chaque stratégie correspond à une ou plusieurs valeurs de registre, s'applique à une portée précise (Ordinateur ou Utilisateur) et est livrée dans un fichier ADMX (modèle administratif). Cette référence indexe le catalogue ADMX de Microsoft avec des explications détaillées, des correspondances de registre et des conseils opérationnels qu'on ne trouve pas sur les pages officielles Microsoft Learn.
Configure Windows NTP Type
Sets NTP client type to use NTP instead of domaine controller. Provides more accurate time synchronization for MSP clients.
Computer Configuration > Administrative Templates > System > Windows Time Service > Time Providers
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Configure maximum positive time correction
Limits maximum positive time adjustment to 2 jours. Empêche excessive time jumps from corrupting MSP operations.
Computer Configuration > Administrative Templates > System > Windows Time Service > Time Providers
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Configure NTP client minimum poll interval
Sets minimum poll interval to 64 secondes. Balances accuracy and réseau load for MSP infrastructure.
Computer Configuration > Administrative Templates > System > Windows Time Service > Time Providers
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Enable Windows NTP Server
Active domaine controllers to act as NTP servers. Essential for MSPs with domaine-based time infrastructure.
Computer Configuration > Administrative Templates > System > Windows Time Service > Time Providers
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Configure maximum negative time correction
Limits maximum negative time adjustment to 2 jours. Empêche backward time jumps affecting MSP audit trails.
Computer Configuration > Administrative Templates > System > Windows Time Service > Time Providers
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Configure corporate error reporting server
Routes error reports to internal MSP server instead of Microsoft. Autorise centralized crash analysis and compliance.
Computer Configuration > Administrative Templates > Windows Components > Windows Error Reporting
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Configure NTP server special poll interval
Sets NTP server polling interval. Ensures consistent time distribution across MSP domaine.
Computer Configuration > Administrative Templates > System > Windows Time Service > Time Providers
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Configure crash dump location
Specifies where crash dumps are saved. Autorise MSPs to collect dumps for analysis.
Computer Configuration > Administrative Templates > System > Startup and Recovery
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Set default disk quota warning level
Triggers warning at 750MB avant hitting quota. Gives MSP utilisateurs time to clean up avant quota l'application.
Computer Configuration > Administrative Templates > System > Disk Quotas
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Disable Windows Error Reporting
Désactive automatic error reporting to Microsoft. Empêche sensitive data leakage for MSP compliance requirements.
Computer Configuration > Administrative Templates > Windows Components > Windows Error Reporting
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Disable Windows NTP announcements
Désactive NTP announcements from non-authoritative sources. Empêche unauthorized time sources in MSP networks.
Computer Configuration > Administrative Templates > System > Windows Time Service > Global Configuration Settings
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Prevent creation of diagnostic memory dumps
Désactive automatic crash dump generation to save disk space. MSPs can enable selectively when debugging.
Computer Configuration > Administrative Templates > System > Startup and Recovery
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Set automatic reboot timeout after crash
Automatically reboots après critical failure. Reduces downtime for MSP production systems.
Computer Configuration > Administrative Templates > System > Startup and Recovery
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Set error reporting consent level
Exige explicit utilisateur consent for error reporting. Empêche automatic crash data transmission from MSP clients.
Computer Configuration > Administrative Templates > Windows Components > Windows Error Reporting
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Disable automatic data collection for known issues
Empêche automatic data collection for known problems. Reduces privacy exposure for MSP clients.
Computer Configuration > Administrative Templates > Windows Components > Windows Error Reporting
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Configure error report upload frequency
Controls how often queued reports are uploaded. MSPs can reduce réseau impact by decreasing frequency.
Computer Configuration > Administrative Templates > Windows Components > Windows Error Reporting
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Allow recovery console access
Permits Recovery Console accès for authorized administrators. Critical for MSP emergency système recovery.
Computer Configuration > Administrative Templates > System > Recovery Console
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Limit error report archive depth
Limits stored error reports to conserve disk space. Empêche storage exhaustion on MSP-managed systems.
Computer Configuration > Administrative Templates > Windows Components > Windows Error Reporting
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Prevent Windows from automatically sending diagnostic data
Désactive telemetry data collection. Essential for MSP privacy compliance and reducing data exfiltration.
Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Turn off System Restore
Désactive Système Restore to free disk space. MSPs typically use backup solutions instead of Système Restore.
Computer Configuration > Administrative Templates > System > System Restore
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Allow floppy copy of Recovery Console
Empêche copying Recovery Console to removable media. Protects against unauthorized système recovery tentatives.
Computer Configuration > Administrative Templates > System > Recovery Console
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Enable automatic repair on boot
Active automatic repair on startup failures. Reduces downtime for MSP-managed systems.
Computer Configuration > Administrative Templates > System > Recovery
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Prevent access to Windows Recovery Environment
Controls accès to WinRE for recovery operations. MSPs typically enable for legitimate troubleshooting.
Computer Configuration > Administrative Templates > System > Windows Recovery Environment
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Prevent System Restore configuration changes
Empêche utilisateurs from modifying Système Restore paramètres. Ensures MSP-controlled système recovery stratégies.
Computer Configuration > Administrative Templates > System > System Restore
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →