CM Client Settings
Table of Contents
Categories ITSOs may want to focus on include:
Client Cache Settings - This determines how much cache is available for deploying applications. If you have unusually large application packages you may want increased values in this category. The default cache size is 10 GB.
Power Management - These controls Wake on LAN and similar settings.
Software Center - This controls branding information, selecting which tabs are visible in Software Center as well as the view defaults.
Computer Agent - This controls various general management settings.
Computer Restart - This controls restart settings related to software updates.
- Custom client settings can be deployed as the default for all of your computers, or variations of the same setting can be applied to different collections of computers.
- Client settings are applied using a priority system. The "highest" priority is 1 and will always be the final settings applied, this is reserved for settings EPM needs to enforce for all. The "Default Client Settings" priority is set to 10000, these settings will apply to all endpoints unless a custom Client Settings with a higher priority has been created and deployed.
- Full Microsoft documentation on client settings can be found at Client settings - Configuration Manager | Microsoft Docs
The values below are the "Default client settings". Custom settings can be requested except where indicated.
Values shaded in GRAY not applicable even though they have a displayed value, this is due to a parent feature being disabled or not applicable.
Values shaded in RED are set by EPM, these will override custom client settings set by an ITSO.Â
Note
Modifications to the client settings must be submitted to the EPM team to ensure changes made to client settings will not negatively impact the platform.
Send requests to epm-requests@its.utexas.edu
| Client Setting Category | Setting | Value |
Background Intelligent Transfer | ||
| Limit the maximum network bandwidth for BITS background transfers | No | |
| Throttling window start time | 9 AM | |
| Throttling window end time | 5 PM | |
| Maximum transfer rate during throttling window (Kbps) | 1000 | |
| Allow BITS downloads outside the throttling window | No | |
| Maximum transfer rate outside the throttling window (Kbps) | 9999 | |
| ||
| Allow access to cloud distribution point | Yes | |
| Automatically register new Windows 10 or later domain joined devices with Azure Active Directory | Yes | |
| Enable clients to use a cloud management gateway | Yes | |
| ||
| Configure BranchCache | No | |
| Enable BranchCache | No | |
| Maximum BranchCache cache size (percentage of disk) | 10 | |
| Configure client cache size | No | |
| Maximum cache size (MB) | 5120 | |
| Maximum cache size (percentage of disk) | 20 | |
| Enable as peer cache source | No | |
| Port for initial network broadcast | 8004 | |
| Port for content download from peer | 8003 | |
| ||
| Client policy polling interval (minutes) | 60 | |
| Enable user policy on clients | Yes | |
| Enable user policy requests from Internet clients | No | |
| Enable user policy for multiple user sessions | Yes | |
| ||
| Enable compliance evaluation on clients | Yes | |
| Schedule compliance evaluation | Occurs every 4 days effective 05/18/2019 7:00 AM | |
| Enable User Data and profiles | No | |
| ||
| Deployment, deadline greater than 24 hours, remind user every (hours) | 48 | |
| Deployment, deadline less than 24 hours, remind user every (hours) | 4 | |
| Deployment, deadline less than 1 hour, remind user every (minutes) | 15 | |
| Default Application Catalog website point | (none) | |
| Add default Application Catalog website to Internet Explorer trusted sites zone | Yes | |
| Allow Silverlight applications to run in elevated trust mode | Yes | |
| Organization name displayed in Software Center | UT Austin Software | |
| Use new Software Center | Yes | |
| Enable communication with Health Attestation Service | Yes | |
| Use on-premises Health Attestation Service | No | |
| On-premises Health Attestation Service URL | ||
| Install permissions | All users | |
| Suspend BitLocker PIN entry on restart | Never | |
| Additional software manages the deployment of applications and software updates | No | |
| PowerShell execution policy | Bypass | |
| Show notifications for new deployments | Yes | |
| Grace period for enforcement after deployment deadline (hours) | 0 | |
| Enable Endpoint Analytics data collection | Yes | |
| ||
| Configuration Manager can force a device to restart | Yes | |
| Specify the amount of time after the deadline before a device gets restarted (minutes) | 90 | |
| Specify the amount of time that a user is presented a final countdown notification before a device gets restarted (minutes) | 15 | |
| After the deadline, specify the frequency of restart reminder notifications to the user (minutes) | 240 | |
| When a deployment requires a restart, show a dialog window to the user instead of a toast notification | No | |
| When a deployment requires a restart, allow low-rights users to restart a device running Windows Server | No | |
| ||
| Use Configuration Manager Boundary Groups, for Delivery Optimization Group ID | No | |
| Enable devices managed by Configuration Manager to use Microsoft Connected Cache servers for content download | No | |
| ||
| Manage Endpoint Protection client on client computers | Yes | |
| Install Endpoint Protection client on client computers | Yes | |
| Allow Endpoint Protection client installation and restart outside maintenance windows. Maintenance windows must be at least 30 minutes long for client installation. | No | |
| For Windows Embedded devices with write filters, commit Endpoint Protection client installation (requires restart) | Yes | |
| Suppress any required computer restarts after the Endpoint Protection client is installed | Yes | |
| Allowed period of time users can postpone a required restart to complete the Endpoint Protection installation (hours) | 24 | |
| Disable alternate sources (such as Microsoft Windows Update, Microsoft Windows Server Update Services, or UNC shares) for the initial security intelligence update on client computers | Yes | |
| ||
| Enable hardware inventory on clients | Yes | |
| Hardware inventory schedule | Occurs every 7 days effective 2/1/1970 12:00 AM | |
| Maximum random delay (minutes) | 240 | |
| Hardware inventory classes | Default inventory classes | |
| ||
| Client communication on metered Internet connections | Block | |
| ||
| Polling interval for modern devices (minutes) | 1440 | |
| Allow users to enroll mobile devices and Mac computers | No | |
| Enrollment Profile | (none) | |
| Allow users to enroll modern devices | No | |
| Modern device enrollment profile | (none) | |
| ||
| Allow power management of devices | Yes | |
| Allow users to exclude their device from power management | No | |
| Allow network wake-up | Not configured | |
| Enable wake-up proxy | No | |
| Wake-up proxy port number (UDP) | 25536 | |
| Wake on LAN port number (UDP) | 9 | |
| Windows Defender Firewall exception for wake-up proxy | Disabled | |
| IPV6 prefixes if required for DirectAccess or other intervening network devices. Use a comma to specify multiple entries. | ||
| ||
| Firewall exception profiles | N/A | |
| Users can change policy or notification settings in Software Center | No | |
| Allow remote control of an unattended computer | Yes | |
| Prompt user for Remote Control permission | Yes | |
| Prompt user for permission to transfer content from share clipboard | No | |
| Grant Remote Control permission to local Administrators group | Yes | |
| Access level allowed | Full Control | |
| Permitted viewers of Remote Control and Remote Assistance | (none) | |
| Show session notification icon on taskbar | Yes | |
| Show session connection bar | Yes | |
| Play sound on client | Beginning and end of session | |
| Manage unsolicited Remote Assistance settings | No | |
| Manage solicited Remote Assistance settings | No | |
| Level of access for Remote Assistance | None | |
| Manage Remote Desktop settings | No | |
| Allow permitted viewers to connect by using Remote Desktop connection | No | |
| Require network level authentication | Yes | |
| ||
| Select the user portal | Software Center | |
| Select these new settings to specify company information | Yes | |
| Software Center settings |
| |
| ||
| Schedule re-evaluation for deployments | Occurs every 7 days effective 02/01/1970 12:00 AM | |
| ||
| Enable software inventory on clients | Yes | |
| Schedule software inventory and file collection | Occurs every 7 days effective 05/19/2019 12:00 AM | |
| Inventory reporting detail | Full details | |
| Inventory these files types | (none) | |
| Collect files | (none) | |
| ||
| Enable software metering on clients | Yes | |
| Schedule data collection | Occurs every 7 days effective 02/01/1970 12:00 AM | |
| ||
| Enable software updates on clients | Yes | |
| Software update scan schedule | Occurs every 1 days effective 04/07/2022 3:30 PM | |
| Schedule deployment re-evaluation | Occurs every 1 days effective 04/07/2022 4:00 PM | |
| Allow user proxy for software update scans | No | |
| Enforce TLS certificate pinning for Windows Update client for detecting updates | Yes | |
| When any software update deployment deadline is reached, install all other software update deployments with deadline coming within a specified period of time | No | |
| Period of time for which all pending deployments with deadline in this time will also be installed | 1 Hours | |
| Allow clients to download delta content when available | No | |
| Port that clients use to receive requests for delta content | 8005 | |
| If delta content is unavailable from distribution points in the current boundary group, immediately fall back to a neighbor or the site default | No | |
| Enable management of the Office 365 Client Agent | Yes | |
| Enable update notifications from Microsoft 365 Apps | No | |
| Enable installation of software updates in "All deployments" maintenance window when "Software update" maintenance window is available | No | |
| Specify thread priority for feature updates | Not Configured | |
| Enable third party software updates | Yes | |
| Enable Dynamic Update for feature updates | Not Configured | |
| ||
| State message reporting cycle (minutes) | 15 | |
| ||
| User device affinity usage threshold (minutes) | 2880 | |
| User device affinity usage threshold (days) | 30 | |
| Automatically configure user device affinity from usage data | No | |
| Allow user to define their primary devices | No | |
| ||
| Manage Windows telemetry settings with Configuration Manager | No | |
| Commercial ID key: | ||
| Windows 10 telemetry | Required | |
| Windows 8.1 and earlier telemetry: | Disable | |
| Enable Windows 8.1 and earlier Internet Explorer data collection for: | Disable | |
Related Information
-
-
Maintenance Windows and Business Hours (Endpoint Management)
-
-
-
-
-
EPM is available to IT Support Organizations (ITSOs) with any endpoint management questions. If you have a question about a specific endpoint client, please reach out to your local endpoint client support organization.Search UT EPM Documentation
Service LinksGet Help
SERVICE STATUS
Section Content
Welcome to the University Wiki Service! Please use your IID (yourEID@eid.utexas.edu) when prompted for your email address during login or click here to enter your EID. If you are experiencing any issues loading content on pages, please try these steps to clear your browser cache.