Référence GPO Windows
Une référence complète des stratégies de groupe Microsoft Windows — base de données interrogeable des paramètres GPO avec chemins de registre, versions Windows supportées, étapes de configuration, implications sécurité et cas d'usage concrets. Pensée pour les administrateurs gérant Active Directory, Intune et Windows en autonome.
Qu'est-ce qu'une stratégie de groupe ?
Un objet de stratégie de groupe (GPO) est un paramètre de configuration Windows qui définit le comportement des ordinateurs et des comptes utilisateurs. Chaque stratégie correspond à une ou plusieurs valeurs de registre, s'applique à une portée précise (Ordinateur ou Utilisateur) et est livrée dans un fichier ADMX (modèle administratif). Cette référence indexe le catalogue ADMX de Microsoft avec des explications détaillées, des correspondances de registre et des conseils opérationnels qu'on ne trouve pas sur les pages officielles Microsoft Learn.
Password Protect the Screen Saver
Exige mot de passe to unlock from screen saver.
User Configuration > Administrative Templates > Control Panel > Personalization
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Prevent Changing Screen Saver
Empêche utilisateurs from changing screen saver paramètres.
User Configuration > Administrative Templates > Control Panel > Personalization
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Enable Screen Saver
Active the screen saver. Requis for screen saver timeout stratégies to apply.
User Configuration > Administrative Templates > Control Panel > Personalization
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Force Specific Screen Saver
Forces a specific screen saver. Use blank for performance.
User Configuration > Administrative Templates > Control Panel > Personalization
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Prohibit Access to Control Panel and PC Settings
Completely bloque accès to Control Panel and Settings app.
User Configuration > Administrative Templates > Control Panel
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Clear History of Recently Opened Documents on Exit
Clears recently opened documents list when utilisateur logs off.
User Configuration > Administrative Templates > Start Menu and Taskbar
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Remove Access to the Context Menus for the Taskbar
Désactive right-clicking on the taskbar.
User Configuration > Administrative Templates > Start Menu and Taskbar
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Prohibit Changes to Display Settings
Empêche utilisateurs from changing display paramètres.
User Configuration > Administrative Templates > Control Panel > Display
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Hide Specified Control Panel Items
Hides specific Control Panel applets by name.
User Configuration > Administrative Templates > Control Panel
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Remove Run Menu from Start Menu
Removes the Run command from the Start Menu and keyboard shortcut.
User Configuration > Administrative Templates > Start Menu and Taskbar
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Do Not Keep History of Recently Opened Documents
Empêche Windows from tracking recently opened files.
User Configuration > Administrative Templates > Start Menu and Taskbar
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Redirect Desktop Folder
Redirects the Desktop folder to a réseau location for backup and roaming.
User Configuration > Windows Settings > Folder Redirection > Desktop
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Redirect Documents Folder
Redirects My Documents to a réseau location. Ensures utilisateur data is backed up.
User Configuration > Windows Settings > Folder Redirection > Documents
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Grant User Exclusive Rights to Redirected Folders
Ensures only the utilisateur and administrators have accès to their redirected folder.
User Configuration > Windows Settings > Folder Redirection > [any folder] > Settings
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Redirect AppData (Roaming) Folder
Redirects application data for roaming profiles.
User Configuration > Windows Settings > Folder Redirection > AppData (Roaming)
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Block execution of potentially unsafe macros
Bloque all macros without notification. Empêche malware execution via Office documents. Critical for MSP-managed environments handling untrusted documents.
User Configuration > Policies > Administrative Templates > Microsoft Office 2016 > Security Settings > Trust Center
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Trusted Locations for Office files
Designates safe locations where Office files execute without security warnings. Reduces helpdesk tickets for legitimate business documents while maintaining security posture.
User Configuration > Policies > Administrative Templates > Microsoft Office 2016 > Security Settings > Trust Center > Trusted Locations
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Protected View for all document types
Opens potentially risky Office documents in read-only sandboxed mode. Reduces exploit surface for zero-day vulnerabilities in Office.
User Configuration > Policies > Administrative Templates > Microsoft Office 2016 > Security Settings > Protected View
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Disable all add-ins except approved list
Empêche unauthorized Office add-ins that could exfiltrate data or inject malware. Essential for compliance in regulated industries.
User Configuration > Policies > Administrative Templates > Microsoft Office 2016 > Security Settings > Trust Center > Add-in Management
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Block external content in Office
Empêche automatic loading of images, videos, and linked content from external sources. Bloque tracking pixels and reduces phishing effectiveness.
User Configuration > Policies > Administrative Templates > Microsoft Office 2016 > Security Settings > External Content
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Require PIN for Office password reset
Adds second factor to mot de passe reset process. Empêche compte takeover even if primary credentials are compromised.
User Configuration > Policies > Administrative Templates > Microsoft Office 2016 > Security Settings > Authentication
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Outlook cached exchange mode retention
Controls how many jours of mail are cached offline. Reduces mailbox size while maintaining offline accès for mobile and à distance workers.
User Configuration > Policies > Administrative Templates > Microsoft Outlook 2016 > Outlook Options > Synchronization
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Block OLE object execution in Office
Bloque embedded objects (DLLs, executables) in Office documents. Empêche common malware delivery vector used in targeted attaques.
User Configuration > Policies > Administrative Templates > Microsoft Office 2016 > Security Settings > OLE
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →Screen Saver Timeout
Time in secondes avant the screen saver activates.
User Configuration > Administrative Templates > Control Panel > Personalization
Supporté sur Windows 10, Windows 11, Windows Server 2016 and later
Voir la référence →