Client Setting Category
| Setting | Value |
Background Intelligent Transfer |
| Limit the maximum network bandwidth for BITS background transfers | No |
| Throttling window start time | 9 AM |
| Throttling window end time | 5 PM |
| Maximum transfer rate during throttling window (Kbps) | 1000 |
| Allow BITS downloads outside the throttling window | No |
| Maximum transfer rate outside the throttling window (Kbps) | 9999 |
Cloud Services
|
| Allow access to cloud distribution point | Yes |
| Automatically register new Windows 10 or later domain joined devices with Azure Active Directory | Yes |
| Enable clients to use a cloud management gateway | Yes |
Client Cache Settings Anchor |
---|
| ClientCacheSettings |
---|
| ClientCacheSettings |
---|
|
|
| Configure BranchCache | No |
| Enable BranchCache | No |
| Maximum BranchCache cache size (percentage of disk) | 10 |
| Configure client cache size | No |
| Maximum cache size (MB) | 5120 |
| Maximum cache size (percentage of disk) | 20 |
| Enable as peer cache source | No |
| Port for initial network broadcast | 8004 |
| Port for content download from peer | 8003 |
Client Policy
|
| Client policy polling interval (minutes) | 60 |
| Enable user policy on clients | Yes |
| Enable user policy requests from Internet clients | No |
| Enable user policy for multiple user sessions | Yes |
Compliance Settings
|
| Enable compliance evaluation on clients | Yes |
| Schedule compliance evaluation | Occurs every 4 days effective 05/18/2019 7:00 AM |
| Enable User Data and profiles | No |
Computer Agent Anchor |
---|
| ComputerAgent |
---|
| ComputerAgent |
---|
|
|
| Deployment, deadline greater than 24 hours, remind user every (hours) | 48 |
| Deployment, deadline less than 24 hours, remind user every (hours) | 4 |
| Deployment, deadline less than 1 hour, remind user every (minutes) | 15 |
| Default Application Catalog website point | (none) |
| Add default Application Catalog website to Internet Explorer trusted sites zone | Yes |
| Allow Silverlight applications to run in elevated trust mode | Yes |
| Organization name displayed in Software Center | UT Austin Software |
| Use new Software Center | Yes |
| Enable communication with Health Attestation Service | Yes |
| Use on-premises Health Attestation Service | No |
| On-premises Health Attestation Service URL |
|
| Install permissions | All users |
| Suspend BitLocker PIN entry on restart | Never |
| Additional software manages the deployment of applications and software updates | No |
| PowerShell execution policy | Bypass |
| Show notifications for new deployments | Yes |
| Grace period for enforcement after deployment deadline (hours) | 0 |
| Enable Endpoint Analytics data collection | Yes |
Computer Restart Anchor |
---|
| ComputerRestart |
---|
| ComputerRestart |
---|
|
|
| Configuration Manager can force a device to restart | Yes |
| Specify the amount of time after the deadline before a device gets restarted (minutes) | 90 |
| Specify the amount of time that a user is presented a final countdown notification before a device gets restarted (minutes) | 15 |
| After the deadline, specify the frequency of restart reminder notifications to the user (minutes) | 240 |
| When a deployment requires a restart, show a dialog window to the user instead of a toast notification | No |
| When a deployment requires a restart, allow low-rights users to restart a device running Windows Server | No |
Delivery Optimization
|
| Use Configuration Manager Boundary Groups, for Delivery Optimization Group ID | No |
| Enable devices managed by Configuration Manager to use Microsoft Connected Cache servers for content download | No |
Endpoint Protection
|
| Manage Endpoint Protection client on client computers | Yes |
| Install Endpoint Protection client on client computers | Yes |
| Allow Endpoint Protection client installation and restart outside maintenance windows. Maintenance windows must be at least 30 minutes long for client installation. | No |
| For Windows Embedded devices with write filters, commit Endpoint Protection client installation (requires restart) | Yes |
| Suppress any required computer restarts after the Endpoint Protection client is installed | Yes |
| Allowed period of time users can postpone a required restart to complete the Endpoint Protection installation (hours) | 24 |
| Disable alternate sources (such as Microsoft Windows Update, Microsoft Windows Server Update Services, or UNC shares) for the initial security intelligence update on client computers | Yes |
Hardware Inventory
|
| Enable hardware inventory on clients | Yes |
| Hardware inventory schedule | Occurs every 7 days effective 2/1/1970 12:00 AM |
| Maximum random delay (minutes) | 240 |
| Hardware inventory classes | Default inventory classes |
Metered Internet Connections
|
| Client communication on metered Internet connections | Block |
Enrollment
|
| Polling interval for modern devices (minutes) | 1440 |
| Allow users to enroll mobile devices and Mac computers | No |
| Enrollment Profile | (none) |
| Allow users to enroll modern devices | No |
| Modern device enrollment profile | (none) |
Power Management Anchor |
---|
| PowerManagement |
---|
| PowerManagement |
---|
|
|
| Allow power management of devices | Yes |
| Allow users to exclude their device from power management | No |
| Allow network wake-up | Not configured |
| Enable wake-up proxy | No |
| Wake-up proxy port number (UDP) | 25536 |
| Wake on LAN port number (UDP) | 9 |
| Windows Defender Firewall exception for wake-up proxy | Disabled |
| IPV6 prefixes if required for DirectAccess or other intervening network devices. Use a comma to specify multiple entries. |
|
|
| Firewall exception profiles | N/A |
| Users can change policy or notification settings in Software Center | No |
| Allow remote control of an unattended computer | Yes |
| Prompt user for Remote Control permission | Yes |
| Prompt user for permission to transfer content from share clipboard | No |
| Grant Remote Control permission to local Administrators group | Yes |
| Access level allowed | Full Control |
| Permitted viewers of Remote Control and Remote Assistance | (none) |
| Show session notification icon on taskbar | Yes |
| Show session connection bar | Yes |
| Play sound on client | Beginning and end of session |
| Manage unsolicited Remote Assistance settings | No |
| Manage solicited Remote Assistance settings | No |
| Level of access for Remote Assistance | None |
| Manage Remote Desktop settings | No |
| Allow permitted viewers to connect by using Remote Desktop connection | No |
| Require network level authentication | Yes |
Software Center Anchor |
---|
| SoftwareCenter |
---|
| SoftwareCenter |
---|
|
|
| Select the user portal | Software Center |
| Select these new settings to specify company information | Yes |
| Software Center settings | |
Software Deployment
|
| Schedule re-evaluation for deployments | Occurs every 7 days effective 02/01/1970 12:00 AM |
Software Inventory
|
| Enable software inventory on clients | Yes |
| Schedule software inventory and file collection | Occurs every 7 days effective 05/19/2019 12:00 AM |
| Inventory reporting detail | Full details |
| Inventory these files types | (none) |
| Collect files | (none) |
Software Metering
|
| Enable software metering on clients | Yes |
| Schedule data collection | Occurs every 7 days effective 02/01/1970 12:00 AM |
Software Updates
|
| Enable software updates on clients | Yes |
| Software update scan schedule | Occurs every 1 days effective 04/07/2022 3:30 PM |
| Schedule deployment re-evaluation | Occurs every 1 days effective 04/07/2022 4:00 PM |
| Allow user proxy for software update scans | No |
| Enforce TLS certificate pinning for Windows Update client for detecting updates | Yes |
| When any software update deployment deadline is reached, install all other software update deployments with deadline coming within a specified period of time | No |
| Period of time for which all pending deployments with deadline in this time will also be installed | 1 Hours |
| Allow clients to download delta content when available | No |
| Port that clients use to receive requests for delta content | 8005 |
| If delta content is unavailable from distribution points in the current boundary group, immediately fall back to a neighbor or the site default | No |
| Enable management of the Office 365 Client Agent | Yes |
| Enable update notifications from Microsoft 365 Apps | No |
| Enable installation of software updates in "All deployments" maintenance window when "Software update" maintenance window is available | No |
| Specify thread priority for feature updates | Not Configured |
| Enable third party software updates | Yes |
| Enable Dynamic Update for feature updates | Not Configured |
State Messaging
|
| State message reporting cycle (minutes) | 15 |
User and Device Affinity
|
| User device affinity usage threshold (minutes) | 2880 |
| User device affinity usage threshold (days) | 30 |
| Automatically configure user device affinity from usage data | No |
| Allow user to define their primary devices | No |
Windows Diagnostic Data
|
| Manage Windows telemetry settings with Configuration Manager | No |
| Commercial ID key: |
|
| Windows 10 telemetry | Required |
| Windows 8.1 and earlier telemetry: | Disable |
| Enable Windows 8.1 and earlier Internet Explorer data collection for: | Disable |