/
CM Client Settings

CM Client Settings

Table of Contents

Categories ITSOs may want to focus on include:

Client Cache Settings - This determines how much cache is available for deploying applications. If you have unusually large application packages you may want increased values in this category.  The default cache size is 10 GB.
Power Management - These controls Wake on LAN and similar settings.
Software Center - This controls branding information, selecting which tabs are visible in Software Center as well as the view defaults.
Computer Agent - This controls various general management settings.
Computer Restart - This controls restart settings related to software updates.

  • Custom client settings can be deployed as the default for all of your computers, or variations of the same setting can be applied to different collections of computers.

  • Client settings are applied using a priority system.  The "highest" priority is 1 and will always be the final settings applied, this is reserved for settings EPM needs to enforce for all.  The "Default Client Settings" priority is set to 10000, these settings will apply to all endpoints unless a custom Client Settings with a higher priority has been created and deployed.

  • Full Microsoft documentation on client settings can be found at Client settings - Configuration Manager | Microsoft Docs

 

The values below are the "Default client settings". Custom settings can be requested except where indicated.

Values shaded in GRAY not applicable even though they have a displayed value, this is due to a parent feature being disabled or not applicable.
Values shaded in RED are set by EPM, these will override custom client settings set by an ITSO. 

Note

Modifications to the client settings must be submitted to the EPM team to ensure changes made to client settings will not negatively impact the platform.
Send requests to epm-requests@its.utexas.edu



Client Setting Category


Setting

Value

Background Intelligent Transfer



Limit the maximum network bandwidth for BITS background transfers

No



Throttling window start time

9 AM



Throttling window end time

5 PM



Maximum transfer rate during throttling window (Kbps)

1000



Allow BITS downloads outside the throttling window

No



Maximum transfer rate outside the throttling window (Kbps)

9999


Cloud Services



Allow access to cloud distribution point

Yes



Automatically register new Windows 10 or later domain joined devices with Azure Active Directory

Yes



Enable clients to use a cloud management gateway

Yes


Client Cache Settings



Configure BranchCache

Yes



Enable BranchCache

No



Maximum BranchCache cache size (percentage of disk)

10



Configure client cache size

No



Maximum cache size (MB)

5120



Maximum cache size (percentage of disk)

20



Enable as peer cache source

No



Port for initial network broadcast

8004



Port for content download from peer

8003


Client Policy



Client policy polling interval (minutes)

60



Enable user policy on clients

Yes



Enable user policy requests from Internet clients

No



Enable user policy for multiple user sessions

Yes


Compliance Settings



Enable compliance evaluation on clients

Yes



Schedule compliance evaluation

Occurs every 4 days effective 05/18/2019 7:00 AM



Enable User Data and profiles

No


Computer Agent



Deployment, deadline greater than 24 hours, remind user every (hours)

48



Deployment, deadline less than 24 hours, remind user every (hours)

4



Deployment, deadline less than 1 hour, remind user every (minutes)

15



Default Application Catalog website point

(none)



Add default Application Catalog website to Internet Explorer trusted sites zone

Yes



Allow Silverlight applications to run in elevated trust mode

Yes



Organization name displayed in Software Center

UT Austin Software



Use new Software Center

Yes



Enable communication with Health Attestation Service

Yes



Use on-premises Health Attestation Service

No



On-premises Health Attestation Service URL





Install permissions

All users



Suspend BitLocker PIN entry on restart

Never



Additional software manages the deployment of applications and software updates

No



PowerShell execution policy

Bypass



Show notifications for new deployments

Yes



Grace period for enforcement after deployment deadline (hours)

0



Enable Endpoint Analytics data collection

Yes


Computer Restart



Configuration Manager can force a device to restart

Yes



Specify the amount of time after the deadline before a device gets restarted (minutes)

90



Specify the amount of time that a user is presented a final countdown notification before a device gets restarted (minutes)

15



After the deadline, specify the frequency of restart reminder notifications to the user (minutes)

240



When a deployment requires a restart, show a dialog window to the user instead of a toast notification

No



When a deployment requires a restart, allow low-rights users to restart a device running Windows Server

No


Delivery Optimization



Use Configuration Manager Boundary Groups, for Delivery Optimization Group ID

No



Enable devices managed  by Configuration Manager to use Microsoft Connected Cache servers for content download

No


Endpoint Protection



Manage Endpoint Protection client on client computers

Yes



Install Endpoint Protection client on client computers

Yes



Allow Endpoint Protection client installation and restart outside maintenance windows. Maintenance windows must be at least 30 minutes long for client installation.

No



For Windows Embedded devices with write filters, commit Endpoint Protection client installation (requires restart)

Yes



Suppress any required computer restarts after the Endpoint Protection client is installed

Yes



Allowed period of time users can postpone a required restart to complete the Endpoint Protection installation (hours)

24



Disable alternate sources (such as Microsoft Windows Update, Microsoft Windows Server Update Services, or UNC shares) for the initial security intelligence update on client computers

Yes


Hardware Inventory



Enable hardware inventory on clients

Yes



Hardware inventory schedule

Occurs every 7 days effective 2/1/1970 12:00 AM



Maximum random delay (minutes)

240



Hardware inventory classes

Default inventory classes


Metered Internet Connections



Client communication on metered Internet connections

Block


Enrollment



Polling interval for modern devices (minutes)

1440



Allow users to enroll mobile devices and Mac computers

No



Enrollment Profile

(none)



Allow users to enroll modern devices

No



Modern device enrollment profile

(none)


Power Management



Allow power management of devices

Yes



Allow users to exclude their device from power management

No



Allow network wake-up

Not configured



Enable wake-up proxy

No



Wake-up proxy port number (UDP)

25536



Wake on LAN port number (UDP)

9



Windows Defender Firewall exception for wake-up proxy

Disabled



IPV6 prefixes if required for DirectAccess or other intervening network devices. Use a comma to specify multiple entries.




Remote Tools



Firewall exception profiles

N/A



Users can change policy or notification settings in Software Center

No



Allow remote control of an unattended computer

Yes



Prompt user for Remote Control permission

Yes



Prompt user for permission to transfer content from share clipboard

No



Grant Remote Control permission to local Administrators group

Yes



Access level allowed

Full Control



Permitted viewers of Remote Control and Remote Assistance

(none)



Show session notification icon on taskbar

Yes



Confluence Documentation | Web Privacy Policy | Web Accessibility