Référence GPO Windows
Une référence complète des stratégies de groupe Microsoft Windows — base de données interrogeable des paramètres GPO avec chemins de registre, versions Windows supportées, étapes de configuration, implications sécurité et cas d'usage concrets. Pensée pour les administrateurs gérant Active Directory, Intune et Windows en autonome.
Qu'est-ce qu'une stratégie de groupe ?
Un objet de stratégie de groupe (GPO) est un paramètre de configuration Windows qui définit le comportement des ordinateurs et des comptes utilisateurs. Chaque stratégie correspond à une ou plusieurs valeurs de registre, s'applique à une portée précise (Ordinateur ou Utilisateur) et est livrée dans un fichier ADMX (modèle administratif). Cette référence indexe le catalogue ADMX de Microsoft avec des explications détaillées, des correspondances de registre et des conseils opérationnels qu'on ne trouve pas sur les pages officielles Microsoft Learn.
Configure VPN idle disconnect timeout
Automatically disconnects idle VPN sessions après timeout. Reduces security exposure for MSP-managed systems.
Computer Configuration > Administrative Templates > Network > RAS
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Turn off USB selective suspend
Désactive USB suspend to prevent device disconnection. Ensures USB devices remain active for MSP support tools.
Computer Configuration > Administrative Templates > System > Power Management > USB Settings
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Turn off display after X minutes on battery
Turns off display on battery power to extend battery life. Critical for MSP mobile workforces.
Computer Configuration > Administrative Templates > System > Power Management > Video and Display Settings
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Require password upon wakeup from sleep
Forces mot de passe entry après système wake. Essential for MSP security compliance on unattended systems.
Computer Configuration > Administrative Templates > System > Power Management > Sleep Settings
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Enable Windows NTP Client
Active the Windows NTP client service. Essential for maintaining accurate système time across MSP-managed infrastructure.
Computer Configuration > Administrative Templates > System > Windows Time Service > Time Providers
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers
Controls outgoing NTLM usage on the ordinateur. Paramètre to 2 bloque NTLM for à distance connections. Essential for MSPs preventing clients from authenticating to NTLM-only systems.
Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Configure standby timeout on AC power
Sets sleep timeout to 30 minutes on AC power. Balances energy savings with MSP support availability.
Computer Configuration > Administrative Templates > System > Power Management > Sleep Settings
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Configure NTP client maximum poll interval
Sets maximum poll interval to 1024 secondes. Reduces NTP traffic while maintaining time accuracy for MSP systems.
Computer Configuration > Administrative Templates > System > Windows Time Service > Time Providers
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Network access: Named Pipes that can be accessed anonymously
Lists named pipes accessible via NULL sessions. MSPs keep this empty to prevent attaque tools from enumerating the réseau.
Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Enable hibernation
Active hibernation as sleep option. Provides power conservation without losing work state for MSP clients.
Computer Configuration > Administrative Templates > System > Power Management > Sleep Settings
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Prevent standby states S1-S3 (Modern Standby)
Désactive light sleep states to prevent réseau interruption. Ensures continuous connectivity for MSP-managed servers.
Computer Configuration > Administrative Templates > System > Power Management > Sleep Settings
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Configure WER queue behavior
Queues reports instead of sending immediately. Reduces réseau impact for MSP-managed systems.
Computer Configuration > Administrative Templates > Windows Components > Windows Error Reporting
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Disable wake timers
Empêche scheduled wake événements. Reduces unexpected wake-ups that interfere with MSP support schedules.
Computer Configuration > Administrative Templates > System > Power Management > Sleep Settings
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Allow wake on network for remote management
Active Wake-on-LAN for à distance management. Critical for MSPs performing après-heures patching and support.
Computer Configuration > Administrative Templates > System > Power Management > Sleep Settings
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Set display timeout on battery power
Reduces display timeout on battery to conserve power. Extends battery life for mobile MSP clients.
Computer Configuration > Administrative Templates > System > Power Management > Video and Display Settings
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Configure NTP server
Specifies NTP server(s) for time synchronization. MSPs should configure reliable, redundant NTP sources.
Computer Configuration > Administrative Templates > System > Windows Time Service > Time Providers
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Configure Windows NTP Type
Sets NTP client type to use NTP instead of domaine controller. Provides more accurate time synchronization for MSP clients.
Computer Configuration > Administrative Templates > System > Windows Time Service > Time Providers
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Configure maximum positive time correction
Limits maximum positive time adjustment to 2 jours. Empêche excessive time jumps from corrupting MSP operations.
Computer Configuration > Administrative Templates > System > Windows Time Service > Time Providers
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Configure NTP client minimum poll interval
Sets minimum poll interval to 64 secondes. Balances accuracy and réseau load for MSP infrastructure.
Computer Configuration > Administrative Templates > System > Windows Time Service > Time Providers
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Enable Windows NTP Server
Active domaine controllers to act as NTP servers. Essential for MSPs with domaine-based time infrastructure.
Computer Configuration > Administrative Templates > System > Windows Time Service > Time Providers
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Configure maximum negative time correction
Limits maximum negative time adjustment to 2 jours. Empêche backward time jumps affecting MSP audit trails.
Computer Configuration > Administrative Templates > System > Windows Time Service > Time Providers
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Configure corporate error reporting server
Routes error reports to internal MSP server instead of Microsoft. Autorise centralized crash analysis and compliance.
Computer Configuration > Administrative Templates > Windows Components > Windows Error Reporting
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Configure NTP server special poll interval
Sets NTP server polling interval. Ensures consistent time distribution across MSP domaine.
Computer Configuration > Administrative Templates > System > Windows Time Service > Time Providers
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Configure crash dump location
Specifies where crash dumps are saved. Autorise MSPs to collect dumps for analysis.
Computer Configuration > Administrative Templates > System > Startup and Recovery
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →