Windows GPO Reference
A complete reference for Microsoft Windows Group Policy: a searchable database of GPO settings with registry paths, supported Windows versions, configuration steps, security implications and concrete use cases. Designed for administrators managing Active Directory, Intune and standalone Windows.
What is a Group Policy?
A Group Policy Object (GPO) is a Windows configuration setting that defines the behavior of computers and user accounts. Each policy corresponds to one or more registry values, applies to a specific scope (Computer or User) and ships in an ADMX file (administrative template). This reference indexes Microsoft's ADMX catalog with detailed explanations, registry mappings and operational advice that is not found on the official Microsoft Learn pages.
Disable Outlook external sharing
Forces calendar sharing through SharePoint instead of direct exports. Prevents accidental disclosure of sensitive schedule information.
User Configuration > Policies > Administrative Templates > Microsoft Outlook 2016 > Security
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Disable PowerPoint Show file execution
Blocks automatic execution of .pps and .ppsx files, which bypass safety controls. Reduces the attack surface for presentation-based malware.
User Configuration > Policies > Administrative Templates > Microsoft PowerPoint 2016 > Security
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Disable lock screen
Disables the Windows lock screen. Setting it to 1 goes directly to login. MSPs use it on kiosk systems to speed up boot.
User Configuration > Administrative Templates > Control Panel > Personalization
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Remove context menu items
Removes the context menu from the desktop. Setting it to 1 disables right-click menus. MSPs use this to simplify kiosk user interfaces.
User Configuration > Administrative Templates > Desktop
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Custom User Interface (Shell Replacement)
Replaces default Windows Explorer shell with custom application. MSPs use this to lock down kiosk systems or special-purpose devices to single applications.
User Configuration > Administrative Templates > System
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Hide notification area icons
Hides the system tray notification area. Setting it to 1 simplifies the taskbar. MSPs use it on kiosk systems to reduce user confusion.
User Configuration > Administrative Templates > Start Menu and Taskbar
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Disable Command Prompt
Disables Command Prompt completely. Setting it to 2 disables it for all users. Critical for MSPs preventing script execution and system administration.
User Configuration > Administrative Templates > System
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Restrict Control Panel access
Restricts Control Panel access to specific applets. Setting it to 1 limits the available options. MSPs use this to prevent users from changing system settings.
User Configuration > Administrative Templates > Control Panel
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Disable Task Manager
Disables Task Manager access via Ctrl+Alt+Del. Setting it to 1 hides Task Manager. Critical for MSPs preventing users from terminating kiosk applications.
User Configuration > Administrative Templates > System > Ctrl+Alt+Del Options
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Disable changing desktop wallpaper
Prevents users from changing the wallpaper. Setting it to 1 enforces a locked wallpaper. MSPs use it for branding kiosk systems.
User Configuration > Administrative Templates > Desktop
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Hide specific drives in My Computer
Hides specified drives from Windows Explorer. MSPs use this to prevent access to sensitive partitions on kiosk or shared systems.
User Configuration > Administrative Templates > Windows Components > Windows Explorer
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Restrict Run dialog access
Disables the Run dialog (Win+R). Setting it to 1 hides the dialog. Essential for MSPs preventing command execution on locked-down kiosk systems.
User Configuration > Administrative Templates > System
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Remove Settings from Settings App
Controls which Settings pages users can access. MSPs restrict this to prevent system configuration changes on shared devices.
User Configuration > Administrative Templates > Control Panel > Settings
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Remove redirected folders on policy removal
Controls whether redirected folders remain on the network or are removed when the folder redirection policy is deleted. Prevents accidental data loss in MSP-managed environments.
User Configuration > Policies > Administrative Templates > System > Folder Redirection
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Reconnect at logon
Automatically reconnects mapped network drives at user logon. Critical for MSP clients relying on persistent drive mappings for shared resources and file access.
User Configuration > Policies > Administrative Templates > Windows Components > File Sharing
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Prohibit user from manually creating offline files
Prevents users from creating offline file shortcuts manually. Enforces centralized offline file management policies in MSP-controlled environments.
User Configuration > Policies > Administrative Templates > Network > Offline Files
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Prevent access to drives via My Computer
Prevents users from accessing specified drive letters through Windows Explorer. Restricts data access to enforce information governance policies.
User Configuration > Policies > Administrative Templates > Windows Components > File Explorer
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Remove Drive letters for removable media
Hides specified drive letters from File Explorer and My Computer. Enhances security by restricting access to removable media in MSP-managed environments.
User Configuration > Policies > Administrative Templates > Windows Components > File Explorer
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Maximum wait time for logon scripts
Sets the maximum time in seconds for logon scripts to complete. Prevents excessive logon delays in MSP-managed environments.
User Configuration > Policies > Administrative Templates > System > Scripts
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Run logon scripts visible
Controls visibility of the logon script execution window. Keep hidden in production to reduce visual clutter during the logon process.
User Configuration > Policies > Administrative Templates > System > Scripts
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Configure security zones for trusted sites
Adds sites to trusted security zone with relaxed restrictions. Essential for MSP support of internal LOB applications requiring specific security context.
User Configuration > Policies > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Run logoff scripts asynchronously
Enables asynchronous execution of logoff scripts to speed up the logout process without waiting for completion.
User Configuration > Policies > Administrative Templates > System > Scripts
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Configure SmartScreen for phishing detection
Enables the real-time SmartScreen filter for phishing and malware detection. Critical security control for protecting client data and credentials.
User Configuration > Policies > Administrative Templates > Windows Components > Internet Explorer > Phishing Filter
Supported on Windows 10, Windows 11, Windows Server 2016 and later
Prevent users from changing security zone settings
Locks down security zone configuration, preventing user modification. Enforces MSP security policies on client workstations.
User Configuration > Policies > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel
Supported on Windows 10, Windows 11, Windows Server 2016 and later
