question

WolfgangHenningzbitsGmbH-5013 avatar image
0 Votes"
WolfgangHenningzbitsGmbH-5013 asked AllenLiu-MSFT answered

Client Settings - MECM / SCCM

Hey folks,
we are facing a technical question regarding the real function of the client settings in MECM.
We want to understand, how did the MECM agent enforce the custom client settings on the Windows 10 Client?
We didn't found any hint how this mechanism really works.
Are there only registry keys which are set, or are their local GPO's, or what the heck is the underlaying mechanism?
best regards

mem-cm-general
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Jason-MSFT avatar image
0 Votes"
Jason-MSFT answered

All client policy is delivered in the form of an XML file from the MP and stored in WMI on the client. How each setting is ultimately enforced is setting specific though. The vast majority of settings are not group policies at all but are ConfigMgr specific and thus don't make it anywhere else (outside of WMI). Sometimes the values are stored in the registry as well, but as noted, it totally depends on the setting itself.

What challenge(s) are you trying to address?

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

WolfgangHenningzbitsGmbH-5013 avatar image
0 Votes"
WolfgangHenningzbitsGmbH-5013 answered

Hi Jason,
if a client had a config mgr agent installed in the past and the default client settings option "automatically register new Windows 10 domain joined devices with Azure Active Directory" was set to "no", the client can't make the azure AD Join successfully, although we uninstalled the config mgr agent. A Domain GPO said for Domain Joined Clients they should make the hybrid azure ad join. But it seems the client settings from the removed config mgr agent ist already present on the system.
Is their a way to remove such client settings which where prior set by config manager?

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Jason-MSFT avatar image
0 Votes"
Jason-MSFT answered

To my knowledge, that setting specifically is a local group policy configured by the ConfigMgr agent that I would expect/hope is removed when the agent is removed. Either way though, a domain -based group policy will 100% override this so there is almost certainly more going on here. Have you reviewed the event logs and the troubleshooting tasks at https://docs.microsoft.com/en-us/azure/active-directory/devices/troubleshoot-hybrid-join-windows-current?

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AllenLiu-MSFT avatar image
0 Votes"
AllenLiu-MSFT answered

Hi, @WolfgangHenningzbitsGmbH-5013
Thank you for posting in Microsoft Q&A forum.
Try to Enable the group policy: Register domain-joined computers as devices under Computer Configuration – Administrative Templates – Windows Components – Device Registration.


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.




5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.