Référence GPO Windows
Une référence complète des stratégies de groupe Microsoft Windows — base de données interrogeable des paramètres GPO avec chemins de registre, versions Windows supportées, étapes de configuration, implications sécurité et cas d'usage concrets. Pensée pour les administrateurs gérant Active Directory, Intune et Windows en autonome.
Qu'est-ce qu'une stratégie de groupe ?
Un objet de stratégie de groupe (GPO) est un paramètre de configuration Windows qui définit le comportement des ordinateurs et des comptes utilisateurs. Chaque stratégie correspond à une ou plusieurs valeurs de registre, s'applique à une portée précise (Ordinateur ou Utilisateur) et est livrée dans un fichier ADMX (modèle administratif). Cette référence indexe le catalogue ADMX de Microsoft avec des explications détaillées, des correspondances de registre et des conseils opérationnels qu'on ne trouve pas sur les pages officielles Microsoft Learn.
Set default disk quota warning level
Triggers warning at 750MB avant hitting quota. Gives MSP utilisateurs time to clean up avant quota l'application.
Computer Configuration > Administrative Templates > System > Disk Quotas
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Disable Windows Error Reporting
Désactive automatic error reporting to Microsoft. Empêche sensitive data leakage for MSP compliance requirements.
Computer Configuration > Administrative Templates > Windows Components > Windows Error Reporting
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Disable Windows NTP announcements
Désactive NTP announcements from non-authoritative sources. Empêche unauthorized time sources in MSP networks.
Computer Configuration > Administrative Templates > System > Windows Time Service > Global Configuration Settings
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Prevent creation of diagnostic memory dumps
Désactive automatic crash dump generation to save disk space. MSPs can enable selectively when debugging.
Computer Configuration > Administrative Templates > System > Startup and Recovery
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Set automatic reboot timeout after crash
Automatically reboots après critical failure. Reduces downtime for MSP production systems.
Computer Configuration > Administrative Templates > System > Startup and Recovery
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Set error reporting consent level
Exige explicit utilisateur consent for error reporting. Empêche automatic crash data transmission from MSP clients.
Computer Configuration > Administrative Templates > Windows Components > Windows Error Reporting
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Disable automatic data collection for known issues
Empêche automatic data collection for known problems. Reduces privacy exposure for MSP clients.
Computer Configuration > Administrative Templates > Windows Components > Windows Error Reporting
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Configure error report upload frequency
Controls how often queued reports are uploaded. MSPs can reduce réseau impact by decreasing frequency.
Computer Configuration > Administrative Templates > Windows Components > Windows Error Reporting
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Allow recovery console access
Permits Recovery Console accès for authorized administrators. Critical for MSP emergency système recovery.
Computer Configuration > Administrative Templates > System > Recovery Console
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Limit error report archive depth
Limits stored error reports to conserve disk space. Empêche storage exhaustion on MSP-managed systems.
Computer Configuration > Administrative Templates > Windows Components > Windows Error Reporting
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Prevent Windows from automatically sending diagnostic data
Désactive telemetry data collection. Essential for MSP privacy compliance and reducing data exfiltration.
Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Turn off System Restore
Désactive Système Restore to free disk space. MSPs typically use backup solutions instead of Système Restore.
Computer Configuration > Administrative Templates > System > System Restore
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Allow floppy copy of Recovery Console
Empêche copying Recovery Console to removable media. Protects against unauthorized système recovery tentatives.
Computer Configuration > Administrative Templates > System > Recovery Console
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Enable automatic repair on boot
Active automatic repair on startup failures. Reduces downtime for MSP-managed systems.
Computer Configuration > Administrative Templates > System > Recovery
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Prevent access to Windows Recovery Environment
Controls accès to WinRE for recovery operations. MSPs typically enable for legitimate troubleshooting.
Computer Configuration > Administrative Templates > System > Windows Recovery Environment
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Prevent System Restore configuration changes
Empêche utilisateurs from modifying Système Restore paramètres. Ensures MSP-controlled système recovery stratégies.
Computer Configuration > Administrative Templates > System > System Restore
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Prevent access to Safe Mode
Bloque accès to Safe Mode boot options. Empêche unauthorized troubleshooting on MSP-managed systems.
Computer Configuration > Administrative Templates > System > Options
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Do not display last user name on logon screen
Hides last logged-in username. Reduces information disclosure for MSP security compliance.
Computer Configuration > Administrative Templates > Windows Components > Windows Logon Options
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Enable disk quotas
Active disk quota l'application on NTFS volumes. Essential for MSPs managing shared storage and preventing runaway disk usage.
Computer Configuration > Administrative Templates > System > Disk Quotas
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Set default disk quota limit
Establishes default 1GB quota per utilisateur. Autorise MSPs to standardize storage allocation across organizations.
Computer Configuration > Administrative Templates > System > Disk Quotas
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Log event when quota threshold exceeded
Logs warning événements when approaching quota. Active MSP monitoring of disk usage patterns.
Computer Configuration > Administrative Templates > System > Disk Quotas
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Remove Run menu from Start menu
Hides Run menu to limit utilisateur actions. Restreint accès to tools that could bypass MSP controls.
Computer Configuration > Administrative Templates > Windows Components > Windows Logon Options
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →RPC: Restrict Remote RPC Clients
Applique restrictions on unauthenticated RPC clients connecting remotely. Paramètre to 1 exige authentification. Critical for MSPs preventing RPC-based lateral movement.
Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Disable lock screen
Désactive Windows lock screen. Paramètre to 1 goes directly to login. MSPs use on kiosk systems to speed up boot.
User Configuration > Administrative Templates > Control Panel > Personalization
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →