MSP & Windows

Group Policy Reference

Search common GPO settings by name, path or registry key.

15 results

Turn off Windows Defender SmartScreen

Controls the SmartScreen reputation check for files and apps.

Computer Configuration → Administrative Templates → Windows Components → File Explorer

HKLM\SOFTWARE\Policies\Microsoft\Windows\System\EnableSmartScreen

Configure Automatic Updates

Enables and schedules automatic Windows Update behaviour.

Computer Configuration → Administrative Templates → Windows Components → Windows Update

HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate

Account lockout threshold

Number of failed logons before the account is locked out.

Computer Configuration → Windows Settings → Security Settings → Account Policies → Account Lockout Policy

(LSA policy — not a single registry value)

Minimum password length

Minimum number of characters required for user passwords.

Computer Configuration → Windows Settings → Security Settings → Account Policies → Password Policy

(SAM/LSA policy)

Interactive logon: Machine inactivity limit

Auto-locks the session after a period of inactivity.

Computer Configuration → Windows Settings → Security Settings → Local Policies → Security Options

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\InactivityTimeoutSecs

Disable USB removable storage (write)

Blocks write access to removable USB storage devices.

Computer Configuration → Administrative Templates → System → Removable Storage Access

HKLM\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices\{GUID}\Deny_Write

Configure RDP Network Level Authentication

Requires NLA before establishing an RDP session.

Computer Configuration → Administrative Templates → Windows Components → Remote Desktop Services → Remote Desktop Session Host → Security

HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\UserAuthentication

Turn off autoplay

Prevents AutoPlay from launching media/USB content automatically.

Computer Configuration → Administrative Templates → Windows Components → AutoPlay Policies

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun

Allow Telemetry / Diagnostic data

Sets the diagnostic data level sent to Microsoft (0=Security … 3=Full).

Computer Configuration → Administrative Templates → Windows Components → Data Collection and Preview Builds

HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection\AllowTelemetry

Block macros from running in Office files from the Internet

Blocks internet-sourced Office macros — a key ransomware mitigation.

User Configuration → Administrative Templates → Microsoft Office → Security Settings (per app)

HKCU\SOFTWARE\Policies\Microsoft\office\16.0\<app>\security\blockcontentexecutionfrominternet

Configure LAPS password backup

Backs up the local admin password to AD or Entra ID (Windows LAPS).

Computer Configuration → Administrative Templates → System → LAPS

HKLM\SOFTWARE\Microsoft\Policies\LAPS\BackupDirectory

Prohibit access to Control Panel and PC settings

Hides and disables all Control Panel / Settings access for the user.

User Configuration → Administrative Templates → Control Panel

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel

Set screen saver timeout / password

Forces a password-protected screensaver after N seconds.

User Configuration → Administrative Templates → Control Panel → Personalization

HKCU\SOFTWARE\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaveTimeOut

Deny log on through Remote Desktop Services

Blocks specified users/groups from signing in over RDP.

Computer Configuration → Windows Settings → Security Settings → Local Policies → User Rights Assignment

(SeDenyRemoteInteractiveLogonRight)

Map network drive (Group Policy Preferences)

Maps network drives for users via Group Policy Preferences.

User Configuration → Preferences → Windows Settings → Drive Maps

(GPP — Drives.xml in SYSVOL)