| Panel | ||||||||
|---|---|---|---|---|---|---|---|---|
| ||||||||
|
Categories ITSOs may want to focus on include:
Client Cache Settings - This determines how much cache is available for deploying applications. If you have unusually large application packages you may want increased values in this category. The default cache size is 10 GB.
Power Management - These controls Wake on LAN and similar settings.
Software Center - This controls branding information, selecting which tabs are visible in Software Center as well as the view defaults.
Computer Agent - This controls various general management settings.
Computer Restart - This controls restart settings related to software updates.
|
|---|
The values below are the "Default client settings". Custom settings can be requested except where indicated.
Values shaded in GRAY not applicable even though they have a displayed value, this is due to a parent feature being disabled or not applicable.
Values shaded in RED are set by EPM, these will override custom client settings set by an ITSO.
| Info |
|---|
Note Modifications to the client settings must be submitted to the EPM team to ensure changes made to client settings will not negatively impact the platform. |
Client Setting Category | Setting | Value | ||||||
Background Intelligent Transfer | ||||||||
Limit the maximum network bandwidth for BITS background transfers | No | |||||||
Throttling window start time | 9 AM | |||||||
Throttling window end time | 5 PM | |||||||
Maximum transfer rate during throttling window (Kbps) | 1000 | |||||||
Allow BITS downloads outside the throttling window | No | |||||||
Maximum transfer rate outside the throttling window (Kbps) | 9999 | |||||||
| ||||||||
Allow access to cloud distribution point | Yes | |||||||
Automatically register new Windows 10 or later domain joined devices with Azure Active Directory | Yes | |||||||
Enable clients to use a cloud management gateway | Yes | |||||||
| ||||||||
| Anchor | ||||
|---|---|---|---|---|
|
Configure BranchCacheNo
Yes
Enable BranchCache
No
Maximum BranchCache cache size (percentage of disk)
10
Configure client cache size
No
Maximum cache size (MB)
5120
Maximum cache size (percentage of disk)
20
Enable as peer cache source
No
Port for initial network broadcast
8004
Port for content download from peer
8003
Client Policy
Client policy polling interval (minutes)
60
Enable user policy on clients
Yes
Enable user policy requests from Internet clients
No
Enable user policy for multiple user sessions
Yes
Compliance Settings
Enable compliance evaluation on clients
Yes
Schedule compliance evaluation
Occurs every 4 days effective 05/18/2019 7:00 AM
Enable User Data and profiles
No
Computer Agent
| Anchor | ||||
|---|---|---|---|---|
|
Deployment, deadline greater than 24 hours, remind user every (hours)
48
Deployment, deadline less than 24 hours, remind user every (hours)
4
Deployment, deadline less than 1 hour, remind user every (minutes)
15
Default Application Catalog website point
(none)
Add default Application Catalog website to Internet Explorer trusted sites zone
Yes
Allow Silverlight applications to run in elevated trust mode
Yes
Organization name displayed in Software Center
UT Austin Software
Use new Software Center
Yes
Enable communication with Health Attestation Service
Yes
Use on-premises Health Attestation Service
No
On-premises Health Attestation Service URL
Install permissions
All users
Suspend BitLocker PIN entry on restart
Never
Additional software manages the deployment of applications and software updates
No
PowerShell execution policy
Bypass
Show notifications for new deployments
Yes
Grace period for enforcement after deployment deadline (hours)
0
Enable Endpoint Analytics data collection
Yes
Computer Restart
| Anchor | ||||
|---|---|---|---|---|
|
Configuration Manager can force a device to restart
Yes
Specify the amount of time after the deadline before a device gets restarted (minutes)
90
Specify the amount of time that a user is presented a final countdown notification before a device gets restarted (minutes)
15
After the deadline, specify the frequency of restart reminder notifications to the user (minutes)
240
When a deployment requires a restart, show a dialog window to the user instead of a toast notification
No
When a deployment requires a restart, allow low-rights users to restart a device running Windows Server
No
Delivery Optimization
Use Configuration Manager Boundary Groups, for Delivery Optimization Group ID
No
Enable devices managed by Configuration Manager to use Microsoft Connected Cache servers for content download
No
Endpoint Protection
Manage Endpoint Protection client on client computers
Yes
Install Endpoint Protection client on client computers
Yes
Allow Endpoint Protection client installation and restart outside maintenance windows. Maintenance windows must be at least 30 minutes long for client installation.
No
For Windows Embedded devices with write filters, commit Endpoint Protection client installation (requires restart)
Yes
Suppress any required computer restarts after the Endpoint Protection client is installed
Yes
Allowed period of time users can postpone a required restart to complete the Endpoint Protection installation (hours)
24
Disable alternate sources (such as Microsoft Windows Update, Microsoft Windows Server Update Services, or UNC shares) for the initial security intelligence update on client computers
Yes
Hardware Inventory
Enable hardware inventory on clients
Yes
Hardware inventory schedule
Occurs every 7 days effective 2/1/1970 12:00 AM
Maximum random delay (minutes)
240
Hardware inventory classes
Metered Internet Connections
Client communication on metered Internet connections
Block
Enrollment
Polling interval for modern devices (minutes)
1440
Allow users to enroll mobile devices and Mac computers
No
Enrollment Profile
(none)
Allow users to enroll modern devices
No
Modern device enrollment profile
(none)
Power Management
| Anchor | ||||
|---|---|---|---|---|
|
Allow power management of devices
Yes
Allow users to exclude their device from power management
No
Allow network wake-up
Not configured
Enable wake-up proxy
No
Wake-up proxy port number (UDP)
25536
Wake on LAN port number (UDP)
9
Windows Defender Firewall exception for wake-up proxy
Disabled
IPV6 prefixes if required for DirectAccess or other intervening network devices. Use a comma to specify multiple entries.
Remote Tools
Firewall exception profiles
N/A
Users can change policy or notification settings in Software Center
No
Allow remote control of an unattended computer
Yes
Prompt user for Remote Control permission
Yes
Prompt user for permission to transfer content from share clipboard
No
Grant Remote Control permission to local Administrators group
Yes
Access level allowed
Full Control
Permitted viewers of Remote Control and Remote Assistance
(none)
Show session notification icon on taskbar
Yes
Show session connection bar
Yes
Play sound on client
Beginning and end of session
Manage unsolicited Remote Assistance settings
No
Manage solicited Remote Assistance settings
No
Level of access for Remote Assistance
None
Manage Remote Desktop settings
No
Allow permitted viewers to connect by using Remote Desktop connection
No
Require network level authentication
Yes
Software Center
| Anchor | ||||
|---|---|---|---|---|
|
Select the user portal
Software Center
Select these new settings to specify company information
Yes
Software Center settings
Software Deployment
Schedule re-evaluation for deployments
Occurs every 7 days effective 02/01/1970 12:00 AM
Software Inventory
Enable software inventory on clients
Yes
Schedule software inventory and file collection
Occurs every 7 days effective 05/19/2019 12:00 AM
Inventory reporting detail
Full details
Inventory these files types
(none)
Collect files
(none)
Software Metering
Enable software metering on clients
Yes
Schedule data collection
Occurs every 7 days effective 02/01/1970 12:00 AM
Software Updates
Enable software updates on clients
Yes
Software update scan schedule
Occurs every 1 days effective 04/07/2022 3:30 PM
Schedule deployment re-evaluation
Occurs every 1 days effective 04/07/2022 4:00 PM
Allow user proxy for software update scans
No
Enforce TLS certificate pinning for Windows Update client for detecting updates
Yes
When any software update deployment deadline is reached, install all other software update deployments with deadline coming within a specified period of time
No
Period of time for which all pending deployments with deadline in this time will also be installed
1 Hours
Allow clients to download delta content when available
No
Port that clients use to receive requests for delta content
8005
If delta content is unavailable from distribution points in the current boundary group, immediately fall back to a neighbor or the site default
No
Enable management of the Office 365 Client Agent
Yes
Enable update notifications from Microsoft 365 Apps
No
Enable installation of software updates in "All deployments" maintenance window when "Software update" maintenance window is available
No
Specify thread priority for feature updates
Not Configured
Enable third party software updates
Yes
Enable Dynamic Update for feature updates
Not Configured
State Messaging
State message reporting cycle (minutes)
15
User and Device Affinity
User device affinity usage threshold (minutes)
2880
User device affinity usage threshold (days)
30
Automatically configure user device affinity from usage data
No
Allow user to define their primary devices
No
Windows Diagnostic Data
Manage Windows telemetry settings with Configuration Manager
No
Commercial ID key:
Windows 10 telemetry
Required
Windows 8.1 and earlier telemetry:
Disable
Enable Windows 8.1 and earlier Internet Explorer data collection for:
Disable
Related Information
| Filter by label | ||||
|---|---|---|---|---|
|
| Insert excerpt | ||||||
|---|---|---|---|---|---|---|
|
| Panel | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||
|