关于 Configuration Manager 中的客户端设置About client settings in Configuration Manager

适用范围:Configuration Manager (Current Branch)Applies to: Configuration Manager (current branch)

通过“管理”工作区中的“客户端设置”节点来管理 Configuration Manager 控制台中的所有客户端设置 。Manage all client settings in the Configuration Manager console from the Client Settings node in the Administration workspace. Configuration Manager 附带一组默认设置。Configuration Manager comes with a set of default settings. 如果更改默认的客户端设置,则这些设置将应用于层次结构中的所有客户端。When you change the default client settings, these settings are applied to all clients in the hierarchy. 你也可以配置自定义客户端设置,当将这些设置分配给集合时,它们将替代默认客户端设置。You can also configure custom client settings, which override the default client settings when you assign them to collections. 有关详细信息,请参阅如何配置客户端设置For more information, see How to configure client settings.

下列部分更详细地描述了设置和选项。The following sections describe settings and options in further detail.

后台智能传输服务(BITS)Background Intelligent Transfer Service (BITS)

限制 BITS 后台传输的最大网络带宽Limit the maximum network bandwidth for BITS background transfers

当此选项为“是”时,客户端使用 BITS 带宽限制。When this option is Yes, clients use BITS bandwidth throttling. 若要在此组中配置其他设置,则必须启用此设置。To configure the other settings in this group, you must enable this setting.

限制时段开始时间Throttling window start time

指定 BITS 限制时段的本地开始时间。Specify the local start time for the BITS throttling window.

限制时段结束时间Throttling window end time

指定 BITS 限制时段的本地结束时间。Specify the local end time for the BITS throttling window. 如果结束时间与“限制时段开始时间”相等,则会始终启用 BITS 限制。If the end time is equal to the Throttling window start time, BITS throttling is always enabled.

限制时段期间的最大传输速率(Kbps)Maximum transfer rate during throttling window (Kbps)

指定客户端在此时段可以使用的最大传输速率。Specify the maximum transfer rate that clients can use during the window.

允许 BITS 在限制时段外下载Allow BITS downloads outside the throttling window

允许客户端使用指定时段外的单独 BITS 设置。Allow clients to use separate BITS settings outside the specified window.

限制时段外的最大传输速率(Kbps)Maximum transfer rate outside the throttling window (Kbps)

指定客户端可在 BITS 限制时段外使用的最大传输速率。Specify the maximum transfer rate that clients can use outside the BITS throttling window.

客户端缓存设置Client cache settings

配置 BranchCacheConfigure BranchCache

设置客户端计算机的 Windows BranchCacheSet up the client computer for Windows BranchCache. 若要允许客户端上的 BranchCache 缓存,请将“启用 BranchCache”设置为“是”。To allow BranchCache caching on the client, set Enable BranchCache to Yes.

  • 启用 BranchCache:在客户端计算机上启用 BranchCache。Enable BranchCache: Enables BranchCache on client computers.

  • 最大 BranchCache 缓存大小(占磁盘的百分比) :允许 BranchCache 使用的磁盘百分比。Maximum BranchCache cache size (percentage of disk): The percentage of the disk that you allow BranchCache to use.

提示

如果将“配置 BranchCache”设置为“否”,则 Configuration Manager 不会配置任何 BranchCache 设置。If you set Configure BranchCache to No, then Configuration Manager doesn't configure any BranchCache settings.

若要禁用 BranchCache,请将“配置 BranchCache”设置为“是”,然后将“启用 BranchCache”设置为“否”。To disable BranchCache, set Configure BranchCache to Yes, and then set Enable BranchCache to No.

配置客户端缓存大小Configure client cache size

Windows 计算机上的 Configuration Manager 客户端缓存会存储用于安装应用程序和程序的临时文件。The Configuration Manager client cache on Windows computers stores temporary files used to install applications and programs. 如果此选项设置为“否”,则默认大小为 5,120 MB。If this option is set to No, the default size is 5,120 MB.

如果选择“是”,则指定:If you choose Yes, then specify:

  • 最大缓存大小 (MB)Maximum cache size (MB)
  • 最大缓存大小(占磁盘的百分比) :客户端缓存大小可扩展到最大大小(按 MB 或磁盘百分比指定),以较小者为准。Maximum cache size (percentage of disk): The client cache size expands to the maximum size in megabytes (MB), or the percentage of the disk, whichever is less.

启用为对等缓存源Enable as peer cache source

备注

在版本 1902 及更早版本中,此设置称为“在完整的 OS 中启用 Configuration Manager 客户端以共享内容”。In version 1902 and earlier, this setting was named Enable Configuration Manager client in full OS to share content. 此设置的行为不会发生变化。The behavior of the setting didn't change.

启用用于 Configuration Manager 客户端的对等缓存Enables peer cache for Configuration Manager clients. 选择“是”,然后指定客户端通过其与对等计算机通信的端口。Choose Yes, and then specify the port through which the client communicates with the peer computer.

  • 用于初始网络广播的端口(默认 UDP 8004):Configuration Manager 在 Windows PE 或完整的 Windows OS 中使用此端口。Port for initial network broadcast (default UDP 8004): Configuration Manager uses this port in Windows PE or the full Windows OS. Windows PE 中的任务序列引擎先发送广播来获取内容位置,再启动任务序列。The task sequence engine in Windows PE sends the broadcast to get content locations before it starts the task sequence.

  • 用于从对等机下载内容的端口(默认 TCP 8003):Configuration Manager 会自动配置 Windows 防火墙规则以允许此流量。Port for content download from peer (default TCP 8003): Configuration Manager automatically configures Windows Firewall rules to allow this traffic. 如果使用其他防火墙,则必须手动配置规则以允许此流量。If you use a different firewall, you must manually configure rules to allow this traffic.

    有关详细信息,请参阅用于连接的端口For more information, see Ports used for connections.

可以删除缓存内容前的最短持续时间(以分钟为单位)Minimum duration before cached content can be removed (minutes)

从版本 1906 开始,可以指定 Configuration Manager 客户端保留缓存内容的最短时间。Starting in version 1906, specify the minimum time for the Configuration Manager client to keep cached content. 此客户端设置定义了在需要更多空间的情况下,Configuration Manager 代理可以从缓存中删除内容之前应等待的最短时间。This client setting defines the minimum amount of time Configuration Manager agent should wait before it can remove content from the cache in case more space is needed.

默认情况下,此值为 1,440 分钟(24 小时)。By default this value is 1,440 minutes (24 hours). 此设置的最大值为 10,080 分钟(1 周)。The maximum value for this setting is 10,080 minutes (one week).

使用此设置,可以更好地控制不同类型设备上的客户端缓存。This setting gives you greater control over the client cache on different types of devices. 可以减小具有小型硬盘驱动器的客户端的值,并且在另一个部署运行之前不需要保留现有内容。You might reduce the value on clients that have small hard drives and don't need to keep existing content before another deployment runs.

客户端策略Client policy

客户端策略轮询间隔(分钟)Client policy polling interval (minutes)

指定以下 Configuration Manager 客户端下载客户端策略的频率:Specifies how frequently the following Configuration Manager clients download client policy:

  • Windows 计算机(例如,台式机、服务器、便携计算机)Windows computers (for example, desktops, servers, laptops)
  • Configuration Manager 注册的移动设备Mobile devices that Configuration Manager enrolls
  • Mac 计算机Mac computers
  • 运行 Linux 或 UNIX 的计算机Computers that run Linux or UNIX

此值默认为 60 分钟。This value is 60 minutes by default. 减小此值会增加客户端对站点的轮询频率。Reducing this value causes clients to poll the site more frequently. 如果有许多客户端,此行为可能会对站点性能产生负面影响。With many clients, this behavior can have a negative impact on the site performance. 大小和缩放指南是以默认值为依据。The size and scale guidance is based on the default value. 增加此值会减少客户端对站点的轮询频率。Increasing this value causes clients to poll the site less often. 客户端需要更长时间来下载和处理客户端策略的任何更改(包括新部署)。Any changes to client policies, including new deployments, take longer for clients to download and process.

在客户端上启用用户策略Enable user policy on clients

如果此选项设置为“是”并且使用用户发现,客户端会接收面向登录用户的应用程序和程序。When you set this option to Yes, and use user discovery, then clients receive applications and programs targeted to the signed-in user.

如果此设置为“否”,则用户不会收到你为用户部署的所需应用程序。If this setting is No, users don't receive required applications that you deploy to users. 用户也不会收到用户策略中的任何其他管理任务。Users also don't receive any other management tasks in user policies.

当用户的计算机位于 Intranet 或 Internet 时,此设置会应用到用户。This setting applies to users when their computer is on either the intranet or the internet. 如果还想在 Internet 上启用用户策略,则此设置必须为“是”。It must be Yes if you also want to enable user policies on the internet.

备注

从版本 1906 开始,更新后的客户端自动使用管理点进行用户可用应用程序部署。Starting in version 1906, updated clients automatically use the management point for user-available application deployments. 无法安装新的应用程序目录角色。You can't install new application catalog roles.

如果仍使用应用程序目录,它会从站点服务器接收用户的可用软件列表。If you're still using the application catalog, it receives the list of available software for users from the site server. 因此,此设置不必为“是”,用户也可从应用程序目录中查看和请求应用程序。Thus, this setting doesn't have to be Yes for users to see and request applications from the application catalog. 如果此设置为“否”,则用户无法安装他们在应用程序目录中看到的应用程序。If this setting is No, users can't install the applications that they see in the application catalog.

启用来自 Internet 客户端的用户策略请求Enable user policy requests from internet clients

将此选项设置为“是”,以便用户接收到基于 Internet 的计算机上的用户策略。Set this option to Yes for users to receive the user policy on internet-based computers. 此外还需要满足以下要求:The following requirements also apply:

如果将此选项设置为“否”,或不满足之前的任何一个条件,则 Internet 上的计算机将仅收到计算机策略。If you set this option to No, or any of the previous requirements aren't met, then a computer on the internet only receives computer policies. 在此情况下,用户仍然能够查看、请求和安装基于 Internet 的应用程序目录中的应用程序。In this scenario, users can still see, request, and install applications from an internet-based application catalog. 如果此设置为“否”,但“在客户端上启用用户策略”为“是”,则在计算机连接到 Intranet 之前,用户不会收到用户策略 。If this setting is No, but Enable user policy on clients is Yes, users don't receive user policies until the computer is connected to the intranet.

备注

对于基于 Internet 的客户端管理,来自用户的应用程序批准请求不需要用户策略或用户身份验证。For internet-based client management, application approval requests from users don't require user policies or user authentication. 云管理网关不支持应用程序批准请求。The cloud management gateway doesn't support application approval requests.

为多个用户会话启用用户策略Enable user policy for multiple user sessions

适用于版本 1910Applies to version 1910

默认情况下,此设置处于禁用状态。By default, this setting is disabled. 即使启用了用户策略,从版本 1906 开始,客户端在任何允许多个并发活动用户会话的设备上也默认禁用这些策略。Even if you enable user policies, starting in version 1906 the client disables them by default on any device that allows multiple concurrent active user sessions. 例如,Windows 虚拟桌面中的终端服务器或 Windows 10 企业版多会话。For example, terminal servers or Windows 10 Enterprise multi-session in Windows Virtual Desktop.

客户端仅在新的安装期间检测到此类设备时才会禁用用户策略。The client only disables user policy when it detects this type of device during a new installation. 对于已更新到 1906 或更高版本的现有此类客户端而言,以前的行为仍然存在。For an existing client of this type that you update to version 1906 or later, the previous behavior persists. 在现有设备上,即使检测到设备支持多个用户会话,它也会配置用户策略设置。On an existing device, it configures the user policy setting even if it detects that the device allows multiple user sessions.

如果在此方案中需要用户策略,并且接受任何潜在的性能影响,请启用此客户端设置。If you require user policy in this scenario, and accept any potential performance impact, enable this client setting.

云服务Cloud services

允许访问云分发点Allow access to cloud distribution point

将此选项设置为“是”,以便客户端从云分发点获取内容。Set this option to Yes for clients to obtain content from a cloud distribution point. 此设置不需要设备基于 Internet。This setting doesn't require the device to be internet-based.

在 Azure Active Directory 中自动注册已加入域的新 Windows 10 设备Automatically register new Windows 10 domain joined devices with Azure Active Directory

配置 Azure Active Directory 支持混合联接时,Configuration Manager 会针对此功能配置 Windows 10 设备。When you configure Azure Active Directory to support hybrid join, Configuration Manager configures Windows 10 devices for this functionality. 有关详细信息,请参阅如何配置混合 Azure Active Directory 联接设备For more information, see How to configure hybrid Azure Active Directory joined devices.

允许客户端使用云管理网关Enable clients to use a cloud management gateway

默认情况下,所有 Internet 漫游客户端均使用任何可用的云管理网关By default, all internet-roaming clients use any available cloud management gateway. 有关何时将此设置配置为“否”的一个示例就是了解服务的使用情况,例如在试点项目期间或为了节省成本。An example of when to configure this setting to No is to scope usage of the service, such as during a pilot project or to save costs.

符合性设置Compliance settings

启用在客户端上的符合性评估Enable compliance evaluation on clients

将此选项设置为“是”,以在此组中配置其他设置。Set this option to Yes to configure the other settings in this group.

计划符合性评估Schedule compliance evaluation

选择“计划”,创建配置基线部署的默认计划。Select Schedule to create the default schedule for configuration baseline deployments. 可在“部署配置基线”对话框中为每个基线配置此值。This value is configurable for each baseline in the Deploy Configuration Baseline dialog box.

启用用户数据和配置文件Enable User Data and Profiles

如果希望部署用户数据和配置文件配置项目,请选择“是”。Choose Yes if you want to deploy user data and profiles configuration items.

计算机代理Computer agent

所需部署的用户通知User notifications for required deployments

有关以下三个设置的详细信息,请参阅所需部署的用户通知For more information about the following three settings, see User notifications for required deployments:

  • 部署截止时间大于 24 小时,每(小时)提醒用户Deployment deadline greater than 24 hours, remind user every (hours)
  • 部署截止时间少于 24 小时,每(小时)提醒用户Deployment deadline less than 24 hours, remind user every (hours)
  • 部署截止时间少于 1 小时,每(分钟)提醒用户Deployment deadline less than 1 hour, remind user every (minutes)

默认应用程序目录网站点Default Application Catalog website point

重要

从 Current Branch 版本 1806 开始,不支持应用程序目录的 Silverlight 用户体验。The application catalog's Silverlight user experience isn't supported as of current branch version 1806. 自版本 1906 起,更新后的客户端自动使用管理点进行用户可用的应用程序部署。Starting in version 1906, updated clients automatically use the management point for user-available application deployments. 仍然无法安装新的应用程序目录角色。You also can't install new application catalog roles. 版本 1910 已终止对应用程序目录角色的支持。Support ends for the application catalog roles with version 1910.

有关详细信息,请参阅下列文章:For more information, see the following articles:

Configuration Manager 使用此设置将用户连接到软件中心中的应用程序目录。Configuration Manager uses this setting to connect users to the application catalog from Software Center. 选择“设置网站”,指定托管应用程序目录网站点的服务器。Select Set Website to specify a server that hosts the application catalog website point. 输入其 NetBIOS 名称或 FQDN,指定自动检测,或指定自定义部署的 URL。Enter its NetBIOS name or FQDN, specify automatic detection, or specify a URL for customized deployments. 在大多数情况下,自动检测是最佳选择。In most cases, automatic detection is the best choice.

向 Internet Explorer 受信任的站点区域添加默认应用程序目录网站Add default Application Catalog website to Internet Explorer trusted sites zone

重要

从 Current Branch 版本 1806 开始,不支持应用程序目录的 Silverlight 用户体验。The application catalog's Silverlight user experience isn't supported as of current branch version 1806. 自版本 1906 起,更新后的客户端自动使用管理点进行用户可用的应用程序部署。Starting in version 1906, updated clients automatically use the management point for user-available application deployments. 仍然无法安装新的应用程序目录角色。You also can't install new application catalog roles. 版本 1910 已终止对应用程序目录角色的支持。Support ends for the application catalog roles with version 1910.

有关详细信息,请参阅下列文章:For more information, see the following articles:

如果此选项为“是”,则客户端会将当前默认的应用程序目录网站 URL 自动添加到 Internet Explorer 受信任的站点区域。If this option is Yes, the client automatically adds the current default application catalog website URL to the Internet Explorer trusted sites zone.

此设置确保不启用 Internet Explorer 的“保护模式”设置。This setting ensures that the Internet Explorer setting for Protected Mode isn't enabled. 如果启用“保护模式”,则 Configuration Manager 客户端可能无法安装应用程序目录中的应用程序。If Protected Mode is enabled, the Configuration Manager client might not be able to install applications from the application catalog. 默认情况下,受信任的站点区域还支持应用程序目录用户登录,这需要 Windows 身份验证。By default, the trusted sites zone also supports user sign-in for the application catalog, which requires Windows authentication.

如果将此选项保留为“否”,则 Configuration Manager 客户端可能无法安装应用程序目录中的应用程序。If you leave this option as No, Configuration Manager clients might not be able to install applications from the application catalog. 替代方法是在客户端使用的应用程序目录 URL 的另一个区域中配置这些 Internet Explorer 设置。An alternative method is to configure these Internet Explorer settings in another zone for the application catalog URL that clients use.

允许 Silverlight 应用程序在提升的信任模式下运行Allow Silverlight applications to run in elevated trust mode

重要

客户端不自动安装 Silverlight。The client doesn't automatically install Silverlight.

从版本 1806 开始,应用程序目录网站点的 Silverlight 用户体验不再受支持。Starting in version 1806, the Silverlight user experience for the application catalog website point is no longer supported. 用户应使用新的软件中心。Users should use the new Software Center. 有关详细信息,请参阅配置软件中心For more information, see Configure Software Center.

此设置必须为“是”,以便用户使用应用程序目录。This setting must be Yes for users to use the application catalog.

如果更改此设置,则当用户下次加载其浏览器或刷新其当前打开的浏览器窗口时,更改将生效。If you change this setting, it takes effect when users next load their browser, or refresh their currently opened browser window.

有关此设置的详细信息,请参阅 Microsoft Silverlight 5 的证书以及应用程序目录所需的提升的信任模式For more information about this setting, see Certificates for Microsoft Silverlight 5, and elevated trust mode required for the application catalog.

软件中心中显示的组织名称Organization name displayed in Software Center

键入用户在软件中心中看到的名称。Type the name that users see in Software Center. 此品牌信息有助于用户将此应用程序识别为受信任的源。This branding information helps users to identify this application as a trusted source. 有关此设置优先级的详细信息,请参阅软件中心品牌打造For more information about the priority of this setting, see Branding Software Center.

使用新的软件中心Use new Software Center

默认设置为“是”。The default setting is Yes.

如果将此选项设置为“是”,则所有客户端计算机均使用软件中心。When you set this option to Yes, then all client computers use the Software Center. 软件中心显示你部署到用户或设备的软件、软件更新和任务序列。Software Center shows software, software updates, and task sequences that you deploy to users or devices.

启用与运行状况证明服务的通信Enable communication with Health Attestation Service

将此选项设置为“是”,以便 Windows 10 设备使用运行状况证明Set this option to Yes for Windows 10 devices to use Health attestation. 启用此设置时,还可配置以下设置。When you enable this setting, the following setting is also available for configuration.

使用本地运行状况证明服务Use on-premises Health Attestation Service

将此选项设置为“是”,以便设备使用本地服务。Set this option to Yes for devices to use an on-premises service. 设置为“否”,以便设备使用 Microsoft 基于云的服务。Set to No for devices to use the Microsoft cloud-based service.

安装权限Install permissions

配置用户安装软件、软件更新和任务序列的方式:Configure how users can install software, software updates, and task sequences:

  • 所有用户:除“来宾”之外的拥有任何权限的用户。All Users: Users with any permission except Guest.

  • 仅限管理员:用户必须是本地管理员组的成员。Only Administrators: Users must be a member of the local Administrators group.

  • 仅限管理员和主要用户:用户必须是本地管理员组的成员或计算机的主要用户。Only Administrators and primary users: Users must be a member of the local Administrators group, or a primary user of the computer.

  • 无用户:登录到客户端计算机的用户无法安装软件、软件更新和任务序列。No Users: No users signed in to a client computer can install software, software updates, and task sequences. 计算机的必需部署始终在截止日期安装。Required deployments for the computer always install at the deadline. 用户无法通过软件中心安装软件。Users can't install software from Software Center.

重新启动时挂起 Bitlocker PIN 项Suspend BitLocker PIN entry on restart

如果计算机需要 BitLocker PIN 条目,则在软件安装之后重启计算机时,此选项可以略过输入 PIN 的要求。If computers require BitLocker PIN entry, then this option bypasses the requirement to enter a PIN when the computer restarts after a software installation.

  • 始终:在安装需要重启的软件并重启计算机之后,Configuration Manager 会临时暂停 BitLocker。Always: Configuration Manager temporarily suspends BitLocker after it has installed software that requires a restart, and it restarts the computer. 仅当 Configuration Manager 重启计算机时,此设置才适用。This setting only applies when Configuration Manager restarts the computer. 当用户重启计算机时,此设置不会暂停输入 BitLocker PIN 的要求。This setting doesn't suspend the requirement to enter the BitLocker PIN when the user restarts the computer. 在 Windows 启动后恢复 BitLocker PIN 输入要求。The BitLocker PIN entry requirement resumes after Windows startup.

  • 从不:在安装需要重启的软件之后,Configuration Manager 不会暂停 BitLocker。Never: Configuration Manager doesn't suspend BitLocker after it has installed software that requires a restart. 在此情况下,直到用户输入 PIN 来完成标准启动过程并加载 Windows,才能完成软件安装。In this scenario, the software installation can't finish until the user enters the PIN to complete the standard startup process and load Windows.

其他用于管理应用程序部署和软件更新的软件Additional software manages the deployment of applications and software updates

只有在下列条件之一成立时才启用此选项:Enable this option only if one of the following conditions applies:

  • 你使用需要启用此设置供应商解决方案。You use a vendor solution that requires this setting to be enabled.

  • 使用 Configuration Manager 软件开发工具包 (SDK),管理客户端代理通知以及应用程序和软件更新的安装。You use the Configuration Manager software development kit (SDK) to manage client agent notifications, and the installation of applications and software updates.

警告

  • 如果在任一条件都不适用时选择此选项,则客户端不会安装软件更新和所需的应用程序。If you choose this option when neither of these conditions apply, the client doesn't install software updates and required applications. 此设置不会阻止用户从软件中心安装可用软件(包括应用程序、包和任务序列)。This setting doesn't prevent users from installing available software from Software Center, including applications, packages, and task sequences.
  • 若启用此设置,客户端上不会出现新软件或所需软件的 toast 通知。When you enable this setting, toast notifications for new software or required software don't occur on clients.

PowerShell 执行策略PowerShell execution policy

配置 Configuration Manager 客户端运行 Windows PowerShell 脚本的方式。Configure how Configuration Manager clients can run Windows PowerShell scripts. 这些脚本可能用于检测配置项目中的符合性设置。You might use these scripts for detection in configuration items for compliance settings. 还可以在部署中以标准脚本的形式发送脚本。You might also send the scripts in a deployment as a standard script.

  • 不使用:Configuration Manager 客户端在客户端计算机上不使用 Windows PowerShell 配置,以便未签名的脚本可以运行。Bypass: The Configuration Manager client bypasses the Windows PowerShell configuration on the client computer, so that unsigned scripts can run.

  • 受限:Configuration Manager 客户端在客户端计算机上使用当前的 PowerShell 配置。Restricted: The Configuration Manager client uses the current PowerShell configuration on the client computer. 这些配置可确定未签名的脚本是否可以运行。This configuration determines whether unsigned scripts can run.

  • 已全部签名:只有当受信任的发行者对脚本进行了签名,Configuration Manager 客户端才能运行这些脚本。All Signed: The Configuration Manager client runs scripts only if a trusted publisher has signed them. 系统将应用此限制,而与客户端计算机上的当前 PowerShell 配置无关。This restriction applies independently from the current PowerShell configuration on the client computer.

此选项至少需要 Windows PowerShell 版本 2.0。This option requires at least Windows PowerShell version 2.0. 默认值为“已全部签名”。The default is All Signed.

提示

如果由于此客户端设置的缘故而无法运行未签名的脚本,则 Configuration Manager 会用以下方法报告此错误:If unsigned scripts fail to run because of this client setting, Configuration Manager reports this error in the following ways:

  • 控制台中的“监视”工作区显示部署状态错误 ID“0x87D00327”。The Monitoring workspace in the console displays deployment status error ID 0x87D00327. 还显示“脚本未签名”说明。It also displays the description Script is not signed.
  • 报表显示错误类型“发现错误”。Reports display the error type Discovery Error. 然后报表显示错误代码“0x87D00327”和“脚本未签名”说明,或错误代码“0x87D00320”和“尚未安装脚本宿主”说明。Then reports display either error code 0x87D00327 and the description Script is not signed, or error code 0x87D00320 and the description The script host has not been installed yet. 其中一个示例报表为:“资产配置基线中配置项目的错误详细信息”。An example report is: Details of errors of configuration items in a configuration baseline for an asset.
  • DcmWmiProvider.log 文件显示消息:脚本未签名(错误: 87D00327;源: CCM)The DcmWmiProvider.log file displays the message Script is not signed (Error: 87D00327; Source: CCM).

显示关于新部署的通知Show notifications for new deployments

选择“是”可显示未来一周内的部署的通知。Choose Yes to display a notification for deployments available for less than a week. 此消息会在客户端代理每次启动时显示。This message appears each time the client agent starts.

禁用截止时间随机化Disable deadline randomization

达到部署截止时间后,此设置确定客户端是否使用长达两个小时的激活延迟来安装所需的软件更新。After the deployment deadline, this setting determines whether the client uses an activation delay of up to two hours to install required software updates. 默认情况下,激活延迟处于禁用状态。By default, the activation delay is disabled.

对于虚拟桌面基础结构 (VDI) 情况,此延迟有助于为具有多个虚拟机的主机分发 CPU 处理和数据传输。For virtual desktop infrastructure (VDI) scenarios, this delay helps distribute the CPU processing and data transfer for a host machine with multiple virtual machines. 即使不使用 VDI,许多客户端同时安装相同更新也可能会增加站点服务器上的 CPU 使用率,造成负面影响。Even if you don't use VDI, having many clients installing the same updates at the same time can negatively increase CPU usage on the site server. 此行为还会减慢分发点的速度,大大减小可用网络带宽。This behavior can also slow down distribution points, and significantly reduce the available network bandwidth.

如果达到部署截止时间时,客户端必需毫不延迟地安装所需软件更新,请将此设置配置为“是”。If clients must install required software updates at the deployment deadline without delay, then configure this setting to Yes.

部署截止日期后强制的宽限期(小时)Grace period for enforcement after deployment deadline (hours)

若要宽限用户更多时间(超过截止时间)来安装所需的应用程序或软件更新部署,请设置此选项的值。If you want to give users more time to install required application or software update deployments beyond the deadline, set a value for this option. 此宽限期适用于计算机延期关闭以及用户需要安装大量应用程序或更新部署的情况。This grace period is for a computer turned off for an extended time, and the user needs to install many application or update deployments. 例如,如果用户休假回来,客户端安装的应用程序部署已过期,而需要等待很长时间,此设置将有所帮助。For example, this setting is helpful if a user returns from vacation, and has to wait for a long time while the client installs overdue application deployments.

设置介于 0 和 120 小时之间的宽限期。Set a grace period of 0 to 120 hours. 将此设置和“根据用户偏好延迟此强制部署”的部署属性结合使用。Use this setting along with the deployment property Delay enforcement of this deployment according to user preferences. 有关详细信息,请参阅部署应用程序For more information, see Deploy applications.

启用终结点分析数据收集Enable Endpoint analytics data collection

在客户端上启用本地数据收集以上传到终结点分析。Enables local data collection on the client for upload to Endpoint analytics. 若要配置用于本地数据收集的设备,请设置为“是”。Set to Yes to configure devices for local data collection. 若要禁用本地数据收集,请设置为“否”。Set to No to disable local data collection. 有关详细信息,请参阅向终结点分析注册 Configuration Manager 设备For more information, see Enroll Configuration Manager devices into Endpoint analytics.

计算机重启Computer restart

有关这些设置的详细信息,请参阅设备重启通知For more information about these settings, see Device restart notifications.

传递优化Delivery Optimization

使用 Configuration Manager 边界组来定义和控制跨公司网络和到远程办公室的内容分发。You use Configuration Manager boundary groups to define and regulate content distribution across your corporate network and to remote offices. Windows 传递优化是一种基于云的对等技术,用于在 Windows 10 设备之间共享内容。Windows Delivery Optimization is a cloud-based, peer-to-peer technology to share content between Windows 10 devices. 配置传递优化以在对等方之间共享内容时使用边界组。Configure Delivery Optimization to use your boundary groups when sharing content among peers.

备注

  • 传递优化仅可用于 Windows 10 客户端。Delivery Optimization is only available on Windows 10 clients.
  • 要利用其对等功能,需具有对传递优化云服务的 Internet 访问。Internet access to the Delivery Optimization cloud service is a requirement to utilize its peer-to-peer functionality. 有关所需的 Internet 终结点的信息,请参阅有关传递优化的常见问题For information about the needed internet endpoints, see Frequently asked questions for Delivery Optimization.
  • 将 CMG 用于内容存储时,如果“在有可用内容时下载增量内容”客户端设置已启用,则第三方更新内容不会下载到客户端。When using a CMG for content storage, the content for third-party updates won't download to clients if the Download delta content when available client setting is enabled.

将 Configuration Manager 边界组用于交付优化组 IDUse Configuration Manager Boundary Groups for Delivery Optimization Group ID

选择“是”将边界组标识符用作客户端上的传递优化组标识符。Choose Yes to apply the boundary group identifier as the Delivery Optimization group identifier on the client. 当客户端与传递优化云服务进行通信时,它使用此标识符来查找具有内容的对等方。When the client communicates with the Delivery Optimization cloud service, it uses this identifier to locate peers with the content. 启用此设置还会将目标客户端上的传递优化下载模式设置为“组(2)”选项。Enabling this setting also sets the Delivery Optimization download mode to the Group (2) option on targeted clients.

备注

Microsoft 建议让客户端通过本地策略(而不是通过组策略)来配置此设置。Microsoft recommends allowing the client to configure this setting via local policy rather than group policy. 这样就可将边界组标识符设置为客户端上的传递优化组标识符。This allows the boundary group identifier to be set as the Delivery Optimization group identifier on the client. 有关详细信息,请参阅传递优化For more information, see Delivery Optimization.

使 Configuration Manager 托管的设备可使用 Microsoft Connected Cache 服务器来下载内容Enable devices managed by Configuration Manager to use Microsoft Connected Cache servers for content download

选择“是”以允许客户端从用作 Microsoft Connected Cache 服务器的本地分发点下载内容。Choose Yes to allow clients to download content from an on-premises distribution point that you enable as a Microsoft Connected Cache server. 有关详细信息,请参阅 Configuration Manager 中的 Microsoft Connected CacheFor more information, see Microsoft Connected Cache in Configuration Manager.

Endpoint ProtectionEndpoint Protection

提示

除了以下信息,还可以在示例方案:使用 Endpoint Protection 来保护计算机免受恶意软件攻击中查找关于使用 Endpoint Protection 客户端设置的详细信息。In addition to the following information, you can find details about using Endpoint Protection client settings in Example scenario: Using Endpoint Protection to protect computers from malware.

在客户端计算机上管理 Endpoint Protection 客户端Manage Endpoint Protection client on client computers

若要在层次结构中的计算机上管理现有的 Endpoint Protection 和 Windows Defender 客户端,请选择“是”。Choose Yes if you want to manage existing Endpoint Protection and Windows Defender clients on computers in your hierarchy.

如果已经安装了 Endpoint Protection 客户端并且想要使用 Configuration Manager 来管理它,请选择此选项。Choose this option if you've already installed the Endpoint Protection client, and want to manage it with Configuration Manager. 此单独安装包括使用 Configuration Manager 应用程序或包和程序的脚本化进程。This separate installation includes a scripted process that uses a Configuration Manager application or package and program. Windows 10 设备不需要安装 Endpoint Protection 代理。Windows 10 devices don't need to have the Endpoint Protection agent installed. 但是,这些设备仍需启用“管理客户端计算机上的 Endpoint Protection 客户端”。However, those devices will still need Manage Endpoint Protection client on client computers enabled.

在客户端计算机上安装 Endpoint Protection 客户端Install Endpoint Protection client on client computers

选择“是”可在尚未运行该客户端的客户端计算机上安装和启用 Endpoint Protection 客户端。Choose Yes to install and enable the Endpoint Protection client on client computers that aren't already running the client. Windows 10 客户端不需要安装 Endpoint Protection 代理。Windows 10 clients don't need to have the Endpoint Protection agent installed.

备注

如果已安装 Endpoint Protection 客户端,选择“否”不会卸载 Endpoint Protection 客户端。If the Endpoint Protection client is already installed, choosing No doesn't uninstall the Endpoint Protection client. 要卸载 Endpoint Protection 客户端,请将“在客户端计算机上管理 Endpoint Protection 客户端”客户端设置设为“否”。To uninstall the Endpoint Protection client, set the Manage Endpoint Protection client on client computers client setting to No. 然后,部署包和程序以卸载 Endpoint Protection 客户端。Then, deploy a package and program to uninstall the Endpoint Protection client.

允许安装 Endpoint Protection 客户端和在维护时段以外重启。Allow Endpoint Protection client installation and restarts outside maintenance windows. 维护时段必须至少为 30 分钟,以便安装客户端Maintenance windows must be at least 30 minutes long for client installation

将此选项设置为“是”,使用维护时段替代典型的安装行为。Set this option to Yes to override typical installation behaviors with maintenance windows. 此设置符合可确保安全的系统维护优先级业务要求。This setting meets business requirements for the priority of system maintenance for security purposes.

对于带有写入筛选器的 Windows Embedded 设备,提交 Endpoint Protection 客户端安装(需要重新启动)For Windows Embedded devices with write filters, commit Endpoint Protection client installation (requires restarts)

选择“是”以对 Windows Embedded 设备禁用写入筛选器并重启该设备。Choose Yes to disable the write filter on the Windows Embedded device, and restart the device. 此操作在设备上提交安装。This action commits the installation on the device.

如果选择“否”,则客户端在临时覆盖区上安装,当设备重启时清除。If you choose No, the client installs on a temporary overlay that clears when the device restarts. 在此情况下,Endpoint Protection 客户端直到另一个安装将更改提交到设备时才会完全安装。In this scenario, the Endpoint Protection client doesn't fully install until another installation commits changes to the device. 默认为此配置。This configuration is the default.

在安装 Endpoint Protection 客户端后取消任何所需的计算机重启Suppress any required computer restarts after the Endpoint Protection client is installed

安装 Endpoint Protection 客户端后,请选择“是”取消重启计算机。Choose Yes to suppress a computer restart after the Endpoint Protection client installs.

重要

如果 Endpoint Protection 客户端需要重启计算机,并且此设置为“否”,则计算机都会重启,且与任何配置的维护时段无关。If the Endpoint Protection client requires a computer restart and this setting is No, then the computer restarts regardless of any configured maintenance windows.

允许用户将要求的重启推迟一段时间,以完成 Endpoint Protection 安装(小时)Allowed period of time users can postpone a required restart to complete the Endpoint Protection installation (hours)

如果在安装 Endpoint Protection 客户端后需要重启,该设置会指定用户可以延迟所需重启的小时数。If a restart is necessary after the Endpoint Protection client installs, this setting specifies the number of hours that users can postpone the required restart. 此设置要求你禁用以下设置:在安装 Endpoint Protection 客户端后取消任何所需的计算机重启This setting requires that you disable the following setting: Suppress any required computer restarts after the Endpoint Protection client is installed.

禁用替代源(例如 Microsoft Windows Update、Microsoft Windows Server Update Services 或 UNC 共享)来更新客户端计算机的初始定义Disable alternate sources (such as Microsoft Windows Update, Microsoft Windows Server Update Services, or UNC shares) for the initial definition update on client computers

如果希望 Configuration Manager 在客户端计算机上仅安装初始定义更新,请选择“是”。Choose Yes if you want Configuration Manager to install only the initial definition update on client computers. 此设置有助于在初次安装定义更新期间避免不必要的网络连接并减小网络带宽。This setting can be helpful to avoid unnecessary network connections, and reduce network bandwidth, during the initial installation of the definition update.

注册Enrollment

移动设备旧客户端的轮询间隔Polling interval for mobile device legacy clients

选择“设置间隔”,指定旧移动设备轮询策略的时间长度(以分钟或小时为单位)。Select Set Interval to specify the length of time, in minutes or hours, that legacy mobile devices poll for policy. 这些设备包括 Windows CE、macOS,以及 Unix 或 Linux 等平台。These devices include platforms such as Windows CE, macOS, and Unix or Linux.

新式设备的轮询间隔(分钟)Polling interval for modern devices (minutes)

输入新式设备轮询策略的分钟数。Enter the number of minutes that modern devices poll for policy. 此设置适用于通过本地移动设备管理托管的 Windows 10 设备。This setting is for Windows 10 devices that are managed through on-premises mobile device management.

允许用户注册移动设备和 Mac 计算机Allow users to enroll mobile devices and Mac computers

要启用基于用户注册旧设备,请将此选项设置为“是”,然后配置以下设置:To enable user-based enrollment of legacy devices, set this option to Yes, and then configure the following setting:

允许用户注册新式设备Allow users to enroll modern devices

要启用基于用户注册新式设备,请将此选项设置为“是”,然后配置以下设置:To enable user-based enrollment of modern devices, set this option to Yes, and then configure the following setting:

硬件清单Hardware inventory

针对客户端启用硬件清单Enable hardware inventory on clients

默认情况下,此设置为“是”。By default, this setting is Yes. 有关详细信息,请参阅硬件清单简介For more information, see Introduction to hardware inventory.

硬件清单计划Hardware inventory schedule

选择“计划”,调整客户端运行硬件清单周期的频率。Select Schedule to adjust the frequency that clients run the hardware inventory cycle. 默认情况下,该周期为每七天执行一次。By default, this cycle occurs every seven days.

最长随机延迟(分钟)Maximum random delay (minutes)

指定最大分钟数,以便 Configuration Manager 客户端从定义的计划中随机化硬件清单周期。Specify the maximum number of minutes for the Configuration Manager client to randomize the hardware inventory cycle from the defined schedule. 这种跨所有客户端的随机化操作有助于实现站点服务器上清单处理的负载均衡。This randomization across all clients helps load-balance inventory processing on the site server. 可以指定介于 0 到 480 分钟之间的任何值。You can specify any value between 0 and 480 minutes. 默认情况下,此值设置为 240 分钟(4 小时)。By default, this value is set to 240 minutes (4 hours).

最大自定义 MIF 文件大小(KB)Maximum custom MIF file size (KB)

指定在硬件清单周期过程中客户端收集的每个自定义管理信息格式 (MIF) 文件所允许的最大大小 (KB)。Specify the maximum size, in kilobytes (KB), allowed for each custom Management Information Format (MIF) file that the client collects during a hardware inventory cycle. Configuration Manager 硬件清单代理不会处理任何超过此大小的自定义 MIF 文件。The Configuration Manager hardware inventory agent doesn't process any custom MIF files that exceed this size. 可指定介于 1 KB 到 5,120 KB 之间的大小。You can specify a size of 1 KB to 5,120 KB. 默认情况下,此值设置为 250 KB。By default, this value is set to 250 KB. 此设置不影响常规硬件清单数据文件的大小。This setting doesn't affect the size of the regular hardware inventory data file.

备注

此设置仅在默认客户端设置中可用。This setting is available only in the default client settings.

硬件清单类Hardware inventory classes

选择“设置类”可扩展从客户端中收集的硬件信息,而无需手动编辑 sms_def.mof 文件。Select Set Classes to extend the hardware information that you collect from clients without manually editing the sms_def.mof file. 有关详细信息,请参阅如何配置硬件清单For more information, see How to configure hardware inventory.

收集 MIF 文件Collect MIF files

使用此设置指定是否在硬件清单过程中从 Configuration Manager 客户端收集 MIF 文件。Use this setting to specify whether to collect MIF files from Configuration Manager clients during hardware inventory.

为了按照硬件清单收集 MIF 文件,此文件必须位于客户端计算机上的正确位置。For a MIF file to be collected by hardware inventory, it must be in the correct location on the client computer. 默认情况下,这些文件位于下列路径中:By default, the files are located in the following paths:

  • IDMIF 文件应位于 Windows\System32\CCM\Inventory\Idmif 文件夹中。IDMIF files should be in the Windows\System32\CCM\Inventory\Idmif folder.

  • NOIDMIF 文件应位于 Windows\System32\CCM\Inventory\Noidmif 文件夹中。NOIDMIF files should be in the Windows\System32\CCM\Inventory\Noidmif folder.

备注

此设置仅在默认客户端设置中可用。This setting is available only in the default client settings.

按流量计费的 Internet 连接Metered internet connections

管理 Windows 8 及更高版本计算机如何使用按流量计费的 Internet 连接与 Configuration Manager 通信。Manage how Windows 8 and later computers use metered internet connections to communicate with Configuration Manager. Internet 提供商有时会根据你通过按流量计费的 Internet 连接发送和接收的数据量来计费。Internet providers sometimes charge by the amount of data that you send and receive when you're on a metered internet connection.

备注

配置的客户端设置不适用于以下情况:The configured client setting isn't applied in the following scenarios:

  • 如果计算机采用漫游数据连接,Configuration Manager 客户端不会执行需要将数据传输到 Configuration Manager 站点的任何任务。If the computer is on a roaming data connection, the Configuration Manager client doesn't perform any tasks that require data to be transferred to Configuration Manager sites.
  • 如果 Windows 网络连接属性配置为不按流量计费,Configuration Manager 客户端的行为类似于连接不按流量计费,因此会将数据传输至站点。If the Windows network connection properties are configured as non-metered, the Configuration Manager client behaves as if the connection is non-metered, and so transfers data to the site.

客户端通过按流量计费的 Internet 连接进行的通信Client communication on metered internet connections

为此设置选择下列某个选项:Choose one of the following options for this setting:

  • 允许:除非客户端设备正在使用漫游数据连接,否则允许通过按流量计费的 Internet 连接进行所有客户端通信。Allow: All client communications are allowed over the metered internet connection, unless the client device is using a roaming data connection.

  • 限制:客户端只对以下行为通过按流量计费的 Internet 连接进行通信:Limit: The client only communicates over the metered internet connection for the following behaviors:

    • 下载客户端策略Download client policy

    • 发送客户端状态消息Send client state messages

    • 向软件中心请求安装软件Request software installs from Software Center

    • 在安装截止时间下载必需部署的其他策略和内容Download additional policy and content for required deployments at the installation deadline

    如果客户端达到按流量计费的 Internet 连接的数据传输限制,客户端就不再与站点通信。If the client reaches the data transfer limit for the metered internet connection, the client no longer communicates with the site.

  • 阻止:如果设备使用按流量计费的 Internet 连接,Configuration Manager 客户端就不会尝试与站点通信。Block: When the device is on a metered internet connection, the Configuration Manager client doesn't try to communicate with the site. 此选项为默认设置。This option is the default.

重要

客户端始终允许从软件中心安装软件,与按流量计费的 Internet 连接设置无关。The client always permits software installations from Software Center, regardless of the metered internet connection settings. 如果用户在设备处于按流量计费的网络中时请求安装软件,软件中心会尊重用户的意图。If the user requests a software installation while the device is on a metered network, Software Center honors the user's intent.

自版本 2006 起,如果你将此客户端设置配置为“允许”或“限制”时,客户端安装和更新都可以进行。Starting in version 2006, client install and update both work when you configure this client setting to Allow or Limit. 借助此行为,客户端可以不断更新,但仍管理通过按流量计费的网络进行的客户端通信。This behavior allows the client to stay current, but still manage the client communication on a metered network. 可以在客户端安装期间使用 ccmsetup 参数 /AllowMetered 来控制此行为。You can control this behavior during client install with the ccmsetup parameter /AllowMetered. 有关详细信息,请参阅关于客户端安装参数和属性For more information, see About client installation parameters and properties.

电源管理Power management

允许设备的电源管理Allow power management of devices

将此选项设置为“是”,以启用客户端上的电源管理。Set this option to Yes to enable power management on clients. 有关详细信息,请参阅电源管理简介For more information, see Introduction to power management.

允许用户从电源管理中排除其设备Allow users to exclude their device from power management

选择“是”允许软件中心的用户从任何配置的电源管理设置中排除其计算机。Choose Yes to let users of Software Center exclude their computer from any configured power management settings.

允许网络唤醒Allow network wake-up

如果启用此设置,客户端会将计算机上的电源设置配置为允许网络适配器唤醒设备。When you enable this setting, the client configures the power settings on the computer to allow the network adapter to wake up the device. 如果禁用此设置,则计算机的网络适配器无法唤醒设备。If you disable this setting, the computer's network adapter can't wake up the device.

启用唤醒代理Enable wake-up proxy

指定“是”以在为单播包配置站点 LAN 唤醒设置后对其进行补充。Specify Yes to supplement the site's Wake On LAN setting, when it's configured for unicast packets.

有关唤醒代理的详细信息,请参阅规划如何唤醒客户端For more information about wake-up proxy, see Plan how to wake up clients.

警告

在未首先了解唤醒代理的工作原理以及在测试环境中对其进行评估之前,请不要在生产网络中启用唤醒代理。Don't enable wake-up proxy in a production network without first understanding how it works and evaluating it in a test environment.

然后根据需要配置以下附加设置:Then, configure the following additional settings as needed:

  • 唤醒代理端口号 (UDP) :客户端用于向处于睡眠状态的计算机发送唤醒数据包的端口号。Wake-up proxy port number (UDP): The port number that clients use to send wake-up packets to sleeping computers. 保留默认端口 25536,或将数字更改为所选的值。Keep the default port 25536, or change the number to a value of your choice.

  • LAN 唤醒端口号 (UDP) :保留默认值 9,除非在站点“属性”的“端口”选项卡上更改了 LAN 唤醒 (UDP) 端口号 。Wake On LAN port number (UDP): Keep the default value of 9, unless you've changed the Wake On LAN (UDP) port number on the Ports tab of the site Properties.

    重要

    此数字必须与站点“属性”中的数字匹配。This number must match the number in the site Properties. 如果在一个位置更改此数字,则不会在其他位置自动更新此数字。If you change this number in one place, it isn't automatically updated in the other place.

  • 针对唤醒代理的 Windows Defender 防火墙例外:Configuration Manager 客户端自动配置运行 Windows Defender 防火墙的设备上的唤醒代理端口号。Windows Defender Firewall exception for wake-up proxy: The Configuration Manager client automatically configures the wake-up proxy port number on devices that run Windows Defender Firewall. 选择“配置”指定防火墙配置文件。Select Configure to specify the firewall profiles.

    如果客户端运行其他防火墙,请手动将其配置为允许“唤醒代理端口号 (UDP)”。If clients run a different firewall, manually configure it to allow the Wake-up proxy port number (UDP).

  • DirectAccess 或其他介入的网络设备的 IPv6 前缀(如果需要)。请使用逗号指定多个项:输入唤醒代理在网络上运行所需的 IPv6 前缀。IPv6 prefixes if required for DirectAccess or other intervening network devices. Use a comma to specify multiple entries: Enter the necessary IPv6 prefixes for wake-up proxy to function on your network.

远程工具Remote tools

在客户端上启用远程控制及防火墙例外配置文件Enable Remote Control on clients, and Firewall exception profiles

选择“配置”,启用 Configuration Manager 远程控制功能。Select Configure to enable the Configuration Manager remote control feature. 根据需要将防火墙设置配置为允许远程控制在客户端计算机上工作。Optionally, configure firewall settings to allow remote control to work on client computers.

默认情况下,禁用了远程控制。Remote control is disabled by default.

重要

如果未配置防火墙设置,则远程控制可能无法正常工作。If you don't configure firewall settings, remote control might not work correctly.

用户可以在软件中心内更改策略或通知设置Users can change policy or notification settings in Software Center

选择用户是否可以从软件中心中更改远程控制选项。Choose whether users can change remote control options from within Software Center.

允许远程控制无人参与的计算机Allow Remote Control of an unattended computer

选择管理员是否可以使用远程控制来访问注销或锁定的客户端计算机。Choose whether an admin can use remote control to access a client computer that is logged off or locked. 禁用此设置后,只能远程控制登录和解锁的计算机。Only a logged-on and unlocked computer can be remotely controlled when this setting is disabled.

提示用户提供远程控制权限Prompt user for Remote Control permission

选择客户端计算机是否要显示一条消息,以在允许远程控制会话之前请求提供用户的权限。Choose whether the client computer shows a message asking for the user's permission before allowing a remote control session.

提示用户获取从共享剪贴板传输内容的权限Prompt user for permission to transfer content from shared clipboard

在远程控制会话中从共享剪贴板传输内容前,允许用户选择接受或拒绝文件传输。Before transferring content from the shared clipboard in a remote control session, allow your users the opportunity to accept or deny file transfers. 用户只需要在每个会话中授予一次权限。Users only need to grant permission once per session. 查看者无法授予自身传输文件的权限。The viewer can't give themselves permission to transfer the file.

将远程控制权限授予本地管理员组Grant Remote Control permission to local Administrators group

选择服务器上启动远程控制连接的本地管理员是否可以与客户端计算机建立远程控制会话。Choose whether local admins on the server that starts the remote control connection can establish remote control sessions to client computers.

允许的访问级别Access level allowed

指定将要允许的远程控制访问级别。Specify the level of remote control access to allow. 从以下设置中选择:Choose from the following settings:

  • 无访问权限No Access
  • 仅查看View Only
  • 完全控制Full Control

允许查看远程控制和远程协助的用户Permitted viewers of Remote Control and Remote Assistance

选择“设置查看者”,指定可以与客户端计算机建立远程控制会话的 Windows 用户的名称。Select Set Viewers to specify the names of the Windows users who can establish remote control sessions to client computers.

在任务栏上显示会话通知图标Show session notification icon on taskbar

将此设置配置为“是”,以在客户端的 Windows 任务栏上显示一个图标,指示远程控制会话处于活动状态。Configure this setting to Yes to show an icon on the client's Windows taskbar to indicate an active remote control session.

显示会话连接栏Show session connection bar

将此选项设置为“是”,以在客户端上显示高可见性会话连接栏,指示远程控制会话处于活动状态。Set this option to Yes to show a high-visibility session connection bar on clients, to indicate an active remote control session.

在客户端上播放声音Play a sound on client

设置此选项,以当远程控制会话在客户端计算机上处于活动状态时用声音指示。Set this option to use sound to indicate when a remote control session is active on a client computer. 选择下列选项之一:Select one of the following options:

  • 无声音No sound
  • 会话的开始和结束(默认)Beginning and end of session (default)
  • 在会话过程中重复Repeatedly during session

管理未经请求的远程协助设置Manage unsolicited Remote Assistance settings

通过将此设置配置为“是”,Configuration Manager 可以管理未经请求的远程协助会话。Configure this setting to Yes to let Configuration Manager manage unsolicited Remote Assistance sessions.

在未经请求的远程协助会话中,客户端计算机上的用户没有通过请求协助来启动会话。In an unsolicited Remote Assistance session, the user at the client computer didn't request assistance to start the session.

管理经请求的远程协助设置Manage solicited Remote Assistance settings

将此选项设置为“是”,允许 Configuration Manager 管理经请求的远程协助会话。Set this option to Yes to let Configuration Manager manage solicited Remote Assistance sessions.

在经请求的远程协助会话中,客户端计算机上的用户向管理员发送远程协助请求。In a solicited Remote Assistance session, the user at the client computer sent a request to the admin for remote assistance.

远程协助访问级别Level of access for Remote Assistance

选择访问级别,分配给在 Configuration Manager 控制台中启动的远程协助会话。Choose the level of access to assign to Remote Assistance sessions that are started in the Configuration Manager console. 选择下列选项之一:Select one of the following options:

  • (默认)None (default)
  • 远程查看Remote Viewing
  • 完全控制Full Control

备注

客户端计算机用户必须始终允许发生远程帮助会话。The user at the client computer must always grant permission for a Remote Assistance session to occur.

管理远程桌面设置Manage Remote Desktop settings

将此选项设置为“是”,允许 Configuration Manager 管理计算机的远程桌面会话。Set this option to Yes to let Configuration Manager manage Remote Desktop sessions for computers.

允许获得许可的查看者使用远程桌面连接进行连接Allow permitted viewers to connect by using Remote Desktop connection

将此选项设置为“是”,将允许查看者列表中指定的用户添加到客户端上的远程桌面本地用户组。Set this option to Yes to add users specified in the permitted viewer list to the Remote Desktop local user group on clients.

在运行 Windows Vista 和更高版本的操作系统的计算机上要求网络级别身份验证Require network level authentication on computers that run Windows Vista operating system and later versions

将此选项设置为“是”,可使用网络级别身份验证 (NLA) 与客户端计算机建立远程桌面连接。Set this option to Yes to use network-level authentication (NLA) to establish Remote Desktop connections to client computers. NLA 最初需要较少的远程计算机资源,因为它会在建立远程桌面连接之前完成用户身份验证。NLA initially requires fewer remote computer resources, because it finishes user authentication before it establishes a Remote Desktop connection. 使用 NLA 是一种更安全的配置。Using NLA is a more secure configuration. 因为 NLA 有助于保护计算机不受恶意用户或软件的攻击,并且可减小拒绝服务攻击带来的风险。NLA helps protect the computer from malicious users or software, and it reduces the risk from denial-of-service attacks.

软件中心Software Center

选择用户门户Select the user portal

从版本 2006 开始,如果将公司门户部署到共同管理的设备,请将此设置配置为“公司门户”。Starting in version 2006, if you deploy the Company Portal to co-managed devices, configure this setting to Company Portal. 此设置可确保来自 Configuration Manager 和 Intune 的通知都启动公司门户。This setting makes sure that notifications from Configuration Manager and Intune both launch the Company Portal. 如果 Configuration Manager 通知的场景是公司门户不支持的,则选择通知会启动软件中心。If a Configuration Manager notification is for a scenario that the Company Portal doesn't support, selecting the notification launches Software Center.

如果将公司门户安装在共同托管设备上,但将此设置配置为“软件中心”,则来自 Configuration Manager 的通知会启动软件中心。If you install the Company Portal on a co-managed device, but configure this setting to Software Center, then notifications from Configuration Manager launch Software Center. 来自 Intune 的通知会启动公司门户。Notifications from Intune launch the Company Portal. 此行为可能会让用户在与不同的门户交互时感到困惑。This behavior may be confusing to users to interact with different portals.

公司门户的行为取决于你的共同管理工作负载配置。The behavior of the Company Portal depends upon your co-management workload configuration. 有关详细信息,请参阅在共同受管理设备上使用公司门户应用For more information, see Use the Company Portal app on co-managed devices.

选择这些新设置来指定公司信息Select these new settings to specify company information

将此选项设置为“是”,然后指定以下设置来打造组织的软件中心:Set this option to Yes, and then specify the following settings to brand Software Center for your organization:

  • 公司名称:输入用户在软件中心看到的组织名称。Company name: Enter the organization name that users see in Software Center.

  • 软件中心的配色方案:单击“选择颜色”,定义软件中心使用的主色调。Color scheme for Software Center: Click Select Color to define the primary color used by Software Center.

  • 选择在软件中心使用的徽标:单击“浏览”,选择要在软件中心显示的图像。Select a logo for Software Center: Click Browse to select an image to appear in Software Center. 徽标必须为 400 x 100 像素的 JPEG、PNG 或 BMP 格式,最大尺寸为 750 KB。The logo must be a JPEG, PNG, or BMP of 400 x 100 pixels, with a maximum size of 750 KB. 徽标文件名称不能包含空格。The logo file name shouldn't contain spaces.

在软件中心隐藏未批准的应用程序Hide unapproved applications in Software Center

启用此选项后,软件中心会隐藏需要审批的用户可用的应用程序。When you enable this option, user-available applications that require approval are hidden in Software Center.

在软件中心隐藏安装的应用程序Hide installed applications in Software Center

启用此选项后,已安装的应用程序将不再显示在“应用程序”选项卡中。安装或升级到 Configuration Manager 时,此选项会设置为默认选项。When you enable this option, applications that are already installed no longer show in the Applications tab. This option is set as the default when you install or upgrade to Configuration Manager. 仍可以在安装状态选项卡下查看已安装的应用程序。Installed applications are still available for review under the installation status tab.

指定应用程序目录网站链接在软件中心的可见性。Specify the visibility of the application catalog web site link in Software Center. 设置此选项后,用户将不会在软件中心的安装状态节点中看到应用程序目录网站链接。When this option is set, users won't see the application catalog web site link in the Installation status node of Software Center.

重要

从 Current Branch 版本 1806 开始,不支持应用程序目录的 Silverlight 用户体验。The application catalog's Silverlight user experience isn't supported as of current branch version 1806. 自版本 1906 起,更新后的客户端自动使用管理点进行用户可用的应用程序部署。Starting in version 1906, updated clients automatically use the management point for user-available application deployments. 仍然无法安装新的应用程序目录角色。You also can't install new application catalog roles. 版本 1910 已终止对应用程序目录角色的支持。Support ends for the application catalog roles with version 1910.

软件中心选项卡的可见性Software Center tab visibility

从版本 1906 开始Starting in version 1906

选择应在软件中心中显示的选项卡。Choose which tabs should be visible in Software Center. 使用“添加”按钮可将选项卡移动到“可见”选项卡 。Use the Add button to move a tab to Visible tabs. 使用“删除”按钮可将选项卡移动到“隐藏”选项卡列表 。Use the Remove button to move it to the Hidden tabs list. 使用“上移”或“下移”按钮可对选项卡进行排序 。Order the tabs using the Move Up or Move Down buttons.

可用选项卡:Available tabs:

  • 应用程序Applications

  • 更新Updates

  • 操作系统Operating Systems

  • 安装状态Installation Status

  • 设备符合性Device Compliance

  • 选项Options

  • 通过单击“添加选项卡”按钮,最多可添加 5 个自定义选项卡。Add up to five custom tabs by clicking the Add tab button.

    • 指定自定义选项卡的“选项卡名称”和“内容 URL”。Specify the Tab name and Content URL for your custom tab.
    • 选择“删除选项卡”删除自定义选项卡。Select Delete Tab to remove a custom tab.

    重要

    • 若要将一些网站功能用作软件中心内的自定义选项卡,它们可能无法正常运行。Some website features may not work when using it as a custom tab in Software Center. 将结果部署到客户端之前,请确保测试结果。Make sure to test the results before deploying this to clients.
    • 添加自定义选项卡时,仅指定受信任的地址或 Intranet 网站地址。Specify only trusted or intranet website addresses when you add a custom tab.

版本1902 及更早版本Version 1902 and earlier

将此组中的其他设置配置为“是”,以在软件中心显示以下选项卡:Configure the additional settings in this group to Yes to make the following tabs visible in Software Center:

  • 应用程序Applications

  • 更新Updates

  • 操作系统Operating Systems

  • 安装状态Installation Status

  • 设备符合性Device Compliance

  • 选项Options

  • 为软件中心指定自定义选项卡Specify a custom tab for Software Center

    • 选项卡名称Tab name
    • 内容 URLContent URL

    重要

    若要将一些网站功能用作软件中心内的自定义选项卡,它们可能无法正常运行。Some website features may not work when using it as a custom tab in Software Center. 将结果部署到客户端之前,请确保测试结果。Make sure to test the results before deploying this to clients.

    添加自定义选项卡时,仅指定受信任的地址或 Intranet 网站地址。Specify only trusted or intranet website addresses when you add a custom tab.

例如,如果你的组织不使用符合性策略,并且你希望在软件中心隐藏“设备符合性”选项卡,请将“启用‘设备符合性’选项卡”设置为“否” 。For example, if your organization doesn't use compliance policies, and you want to hide the Device Compliance tab in Software Center, set Enable Device Compliance tab to No.

在软件中心配置默认视图Configure default views in Software Center

(从版本 1902 中引入)(Introduced in version 1902)

  • 将“默认应用程序筛选器”配置为对“所有”应用程序或仅对“必要” 应用程序应用。Configure the Default application filter as either All or only Required applications.

    • 软件中心始终使用默认设置。Software Center always uses your default setting. 用户可以更改此筛选器,但软件中心不会保留其首选项。Users can change this filter, but Software Center doesn't persist their preference.
  • 将“默认应用程序视图用”设置为“平铺视图”或“列表视图” 。Set the Default application view as either Tile view or List view.

    • 如果用户更改此配置,则软件中心以后会保留用户的首选项。If a user changes this configuration, Software Center persists the user's preference in the future.

软件部署Software deployment

计划部署的重新评估Schedule re-evaluation for deployments

配置 Configuration Manager 为所有部署重新评估要求规则的计划。Configure a schedule for when Configuration Manager reevaluates the requirement rules for all deployments. 默认值为每七天一次。The default value is every seven days.

重要

与网络或站点服务器相比,此设置对本地客户端更具侵入性。This setting is more invasive to the local client than it is to the network or site server. 更加主动的重新评估计划会对网络和客户端计算机的性能产生负面影响。A more aggressive reevaluation schedule negatively affects the performance of your network and client computers. Microsoft 不建议将该值设置为低于默认值。Microsoft doesn't recommend setting a lower value than the default. 如果更改此值,请密切监视性能。If you change this value, closely monitor performance.

按以下步骤从客户端启动此操作:从“Configuration Manager”控制面板的“操作”选项卡中,选择“应用程序部署评估周期”。Start this action from a client as follows: in the Configuration Manager control panel, from the Actions tab, select Application Deployment Evaluation Cycle.

软件清单Software inventory

在客户端上启用软件清单Enable software inventory on clients

默认情况下,此选项设置为“是”。This option is set to Yes by default. 有关详细信息,请参阅软件清单简介For more information, see Introduction to software inventory.

计划软件清单和文件收集Schedule software inventory and file collection

选择“计划”,调整客户端运行软件清单和文件收集周期的频率。Select Schedule to adjust the frequency that clients run the software inventory and file collection cycles. 默认情况下,该周期为每七天执行一次。By default, this cycle occurs every seven days.

清单报告详细信息Inventory reporting detail

指定要列出清单的以下某个文件信息级别:Specify one of the following levels of file information to inventory:

  • 仅文件File only
  • 仅产品Product only
  • 完整详细信息(默认)Full details (default)

列出这些文件类型的清单Inventory these file types

如果想要指定要列出清单的文件类型,请选择“设置类型”,然后配置以下各项:If you want to specify the types of file to inventory, select Set Types, and then configure the following options:

备注

如果对计算机应用了多个自定义客户端设置,则会合并每个设置返回的清单。If multiple custom client settings are applied to a computer, the inventory that each setting returns is merged.

  • 选择“新建”,将新文件类型添加到清单。Select New to add a new file type to inventory. 然后在“清单文件属性”对话框中,指定以下信息:Then specify the following information in the Inventoried File Properties dialog box:

    • 名称:提供要列出清单的文件的名称。Name: Provide a name for the file that you want to inventory. 使用星号 (*) 通配符表示任意文本字符串,使用问号 (?) 表示任何一个字符。Use an asterisk (*) wildcard to represent any string of text, and a question mark (?) to represent any single character. 例如,若要列出扩展名为 .doc 的所有文件的清单,请指定文件名 *.docFor example, if you want to inventory all files with the extension .doc, specify the file name *.doc.

    • 位置:选择“设置”,打开“路径属性”对话框 。Location: Select Set to open the Path Properties dialog box. 将软件清单配置为,在所有客户端硬盘中搜索指定文件、搜索指定路径(例如 C:\Folder),或搜索指定变量(例如 %windir%)。Configure software inventory to search all client hard disks for the specified file, search a specified path (for example, C:\Folder), or search for a specified variable (for example, %windir%). 还可以搜索指定路径下面的所有子文件夹。You can also search all subfolders under the specified path.

    • 排除加密文件和压缩文件:如果选择此选项,则不会列出任何压缩或加密文件的清单。Exclude encrypted and compressed files: When you choose this option, any compressed or encrypted files aren't inventoried.

    • 排除 Windows 文件夹中的文件:如果选择此选项,则不会列出 Windows 文件夹及其子文件夹中任何文件的清单。Exclude files in the Windows folder: When you choose this option, any files in the Windows folder and its subfolders aren't inventoried.

    选择“确定”以关闭“清单文件属性”对话框。Select OK to close the Inventoried File Properties dialog box. 添加想要列出清单的所有文件,然后选择“确定”关闭“配置客户端设置”对话框。Add all the files that you want to inventory, and then select OK to close the Configure Client Setting dialog box.

收集文件Collect files

如果想从客户端计算机中收集文件,请选择“设置文件”,然后配置以下各项设置:If you want to collect files from client computers, select Set Files, and then configure the following settings:

备注

如果对计算机应用了多个自定义客户端设置,则会合并每个设置返回的清单。If multiple custom client settings are applied to a computer, the inventory that each setting returns is merged.

  • 在“配置客户端设置”对话框中,选择“新建”,添加要收集的文件。In the Configure Client Setting dialog box, select New to add a file to be collected.

  • 在“收集的文件属性” 对话框中,提供以下信息:In the Collected File Properties dialog box, provide the following information:

    • 名称:为要收集的文件提供名称。Name: Provide a name for the file that you want to collect. 使用星号 (*) 通配符表示任意文本字符串,使用问号 (?) 表示任何一个字符。Use an asterisk (*) wildcard to represent any string of text, and a question mark (?) to represent any single character.

    • 位置:选择“设置”,打开“路径属性”对话框 。Location: Select Set to open the Path Properties dialog box. 将软件清单配置为,在所有客户端硬盘中搜索要收集的文件、搜索指定路径(例如 C:\Folder),或搜索指定变量(例如 %windir%)。Configure software inventory to search all client hard disks for the file that you want to collect, search a specified path (for example, C:\Folder), or search for a specified variable (for example, %windir%). 还可以搜索指定路径下面的所有子文件夹。You can also search all subfolders under the specified path.

    • 排除加密文件和压缩文件:如果选择此选项,则不会收集任何压缩或加密文件。Exclude encrypted and compressed files: When you choose this option, any compressed or encrypted files aren't collected.

    • 当文件的总大小超过以下值 (KB) 时停止文件收集:指定文件大小(以 KB 为单位),然后客户端停止收集指定的文件。Stop file collection when the total size of the files exceeds (KB): Specify the file size, in kilobytes (KB), after which the client stops collecting the specified files.

    备注

    站点服务器收集五个最近更改的收集文件版本,并将它们存储在 <ConfigMgr installation directory>\Inboxes\Sinv.box\Filecol 目录中。The site server collects the five most recently changed versions of collected files, and stores them in the <ConfigMgr installation directory>\Inboxes\Sinv.box\Filecol directory. 如果自上次软件清单周期以来文件未发生更改,则不会再收集该文件。If a file hasn't changed since the last software inventory cycle, the file isn't collected again.

    软件清单不收集超过 20 MB 的文件。Software inventory doesn't collect files larger than 20 MB.

    “配置客户端设置”对话框中的“所有收集的文件的最大大小(KB)”值显示所有收集的文件的最大大小。The value Maximum size for all collected files (KB) in the Configure Client Setting dialog box shows the maximum size for all collected files. 达到该大小后,文件的收集将停止。When this size is reached, file collection stops. 已收集的任何文件都会被保留并发送到站点服务器。Any files already collected are retained and sent to the site server.

    重要

    如果将软件清单配置为收集许多大型文件,此配置可能会对网络和站点服务器的性能产生负面影响。If you configure software inventory to collect many large files, this configuration might negatively affect the performance of your network and site server.

    有关如何查看收集的文件的信息,请参阅如何使用资源浏览器查看软件清单For information about how to view collected files, see How to use Resource Explorer to view software inventory.

    选择“确定”以关闭“收集的文件属性”对话框。Select OK to close the Collected File Properties dialog box. 添加想要收集的所有文件,然后选择“确定”以关闭“配置客户端设置”对话框。Add all the files that you want to collect, and then select OK to close the Configure Client Setting dialog box.

设置名称Set Names

软件清单代理从文件标头信息中检索制造商和产品名称。The software inventory agent retrieves manufacturer and product names from file header information. 文件标头信息中并未始终标准化这些名称。These names aren't always standardized in the file header information. 在资源浏览器中查看软件清单时,可能会显示同一制造商或产品名称的不同版本。When you view software inventory in Resource Explorer, different versions of the same manufacturer or product name can appear. 要标准化这些显示名称,请选择“设置名称”,然后配置以下各项设置:To standardize these display names, select Set Names, and then configure the following settings:

  • 名称类型:软件清单收集关于制造商和产品的信息。Name type: Software inventory collects information about both manufacturers and products. 选择要为“制造商”还是“产品”配置显示名称。Choose whether you want to configure display names for a Manufacturer or a Product.

  • 显示名称:指定想要用来替代“清单名称”列表中的名称的显示名称。Display name: Specify the display name that you want to use in place of the names in the Inventoried names list. 要指定新的显示名称,请选择“新建”。To specify a new display name, select New.

  • 清单名称:若要添加清单名称,请选择“新建”。Inventoried names: To add an inventoried name, select New. 在软件清单中,此名称被“显示名称”列表中选择的名称替换。This name is replaced in software inventory by the name chosen in the Display name list. 可添加多个名称进行替换。You can add multiple names to replace.

软件计数Software Metering

在客户端上启用软件计数Enable software metering on clients

默认情况下,此设置设为“是”。This setting is set to Yes by default. 有关详细信息,请参阅 软件计数For more information, see Software metering.

计划数据收集Schedule data collection

选择“计划”,调整客户端运行软件计数周期的频率。Select Schedule to adjust the frequency that clients run the software metering cycle. 默认情况下,该周期为每七天执行一次。By default, this cycle occurs every seven days.

软件更新Software updates

在客户端上启用软件更新Enable software updates on clients

使用此设置在 Configuration Manager 客户端上启用软件更新。Use this setting to enable software updates on Configuration Manager clients. 禁用此设置时,Configuration Manager 会从客户端删除现有部署策略。When you disable this setting, Configuration Manager removes existing deployment policies from clients. 当重新启用此设置时,客户端会下载当前部署策略。When you re-enable this setting, the client downloads the current deployment policy.

重要

禁用此设置时,依赖于软件更新的符合性策略将不再起作用。When you disable this setting, compliance policies that rely on software updates will no longer function.

软件更新扫描计划Software update scan schedule

选择“计划”,指定客户端启动符合性评估扫描的频率。Select Schedule to specify how often the client starts a compliance assessment scan. 此扫描确定客户端上的软件更新的状态(例如必需或者已安装)。This scan determines the state for software updates on the client (for example, required or installed). 有关符合性评估的详细信息,请参阅软件更新符合性评估For more information about compliance assessment, see Software updates compliance assessment.

默认情况下,此扫描使用简单的计划,每七天启动一次。By default, this scan uses a simple schedule to start every seven days. 可以创建自定义计划。You can create a custom schedule. 可以指定确切的开始日期和时间,是使用通用协调时间 (UTC) 还是使用本地时间,并为一周中的特定日配置重复间隔。You can specify an exact start day and time, use Universal Coordinated Time (UTC) or the local time, and configure the recurring interval for a specific day of the week.

备注

如果指定的间隔小于 1 天,Configuration Manager 会自动默认为 1 天。If you specify an interval of less than one day, Configuration Manager automatically defaults to one day.

警告

客户端计算机上的实际开始时间是开始时间加上随机的一段时间(最多为 2 小时)。The actual start time on client computers is the start time plus a random amount of time, up to two hours. 这种随机化可以防止客户端计算机启动扫描和同时连接到活动软件更新点。This randomization prevents client computers from initiating the scan and simultaneously connecting to the active software update point.

计划部署重新评估Schedule deployment re-evaluation

选择“计划”可配置软件更新客户端代理重新评估软件更新在 Configuration Manager 客户端计算机上的安装状态的频率。Select Schedule to configure how often the software updates client agent reevaluates software updates for installation status on Configuration Manager client computers. 当客户端上再也无法找到以前安装的软件更新,但仍然需要这些更新时,客户端会重新安装这些软件更新。When previously installed software updates are no longer found on clients but are still required, the client reinstalls the software updates.

根据软件更新符合性的公司策略,以及用户是否可以卸载软件更新调整此计划。Adjust this schedule based on company policy for software update compliance, and whether users can uninstall software updates. 每个部署重新评估周期都会导致网络和客户端计算机处理器活动。Every deployment re-evaluation cycle results in network and client computer processor activity. 默认情况下,此设置使用简单的计划,每七天启动一次部署重新评估扫描。By default, this setting uses a simple schedule to start the deployment re-evaluation scan every seven days.

备注

如果指定的间隔小于 1 天,Configuration Manager 会自动默认为 1 天。If you specify an interval of less than one day, Configuration Manager automatically defaults to one day.

在达到任何软件更新部署截止时间时,安装所有截止时间在指定时间段内的其他软件更新部署When any software update deployment deadline is reached, install all other software update deployments with deadline coming within a specified period of time

将此选项设置为“是”,可安装截止时间在指定时间段内的所需部署中的所有软件更新。Set this option to Yes to install all software updates from required deployments with deadlines occurring within a specified period of time. 在所需软件更新部署达到截止时间时,客户端会开始安装部署中的软件更新。When a required software update deployment reaches a deadline, the client starts installation for the software updates in the deployment. 此设置确定是否要安装截止时间在指定时间段内的其他所需部署中的软件更新。This setting determines whether to install software updates from other required deployments that have a deadline within the specified time.

使用此设置可加快所需软件更新的安装速度。Use this setting to speed up installation for required software updates. 此设置还有可能增加客户端安全性、减少对用户的通知并减少客户端重启次数。This setting also has the potential to increase client security, decrease notifications to the user, and decrease client restarts. 默认情况下,此设置设为“否” 。By default, this setting is set to No.

在此时间段内截止的所有挂起的部署在一定时间内也将进行安装。Period of time for which all pending deployments with deadline in this time will also be installed

使用此设置可指定前一个设置的时间段。Use this setting to specify the period of time for the previous setting. 可以输入介于 1 到 23 个小时和介于 1 到 365 天的值。You can enter a value from 1 to 23 hours, and from 1 to 365 days. 默认情况下,此设置配置为七天。By default, this setting is configured for seven days.

在有可用内容时,允许客户端下载增量内容Allow clients to download delta content when available

(从版本 1902 中引入)(Introduced in version 1902)

通过将此选项设置为“是”,允许客户端使用增量内容文件。Set this option to Yes to allow clients to use delta content files. 此设置允许设备上的 Windows 更新代理确定所需内容并有选择地下载内容。This setting allows the Windows Update Agent on the device to determine what content is needed and selectively download it.

  • 在启用此客户端设置之前,请确保为环境正确配置了传递优化。Before enabling this client setting, ensure Delivery Optimization is configured appropriately for your environment. 有关详细信息,请参阅 Windows 传递优化传递优化客户端设置For more information, see Windows Delivery Optimization and the Delivery Optimization client setting.
  • 此客户端设置会替换“在客户端上启用快速安装文件的安装”。This client setting replaces Enable installation of Express installation files on clients. 通过将此选项设置为“是”,客户端可以使用快速安装文件。Set this option to Yes to allow clients to use express installation files. 有关详细信息,请参阅管理 Windows 10 更新的快速安装文件For more information, see Manage Express installation files for Windows 10 updates.
  • 从 Configuration Manager 版本 1910 开始,设置此选项后,增量下载将用于所有 Windows 更新安装文件,而不仅仅是快速安装文件。Starting in Configuration Manager version 1910, when this option is set, delta download is used for all Windows update installation files, not just express installation files.
    • 将 CMG 用于内容存储时,如果“在有可用内容时下载增量内容”客户端设置已启用,则第三方更新内容不会下载到客户端。When using a CMG for content storage, the content for third-party updates won't download to clients if the Download delta content when available client setting is enabled.

客户端用于接收增量内容请求的端口Port that clients use to receive requests for delta content

(从版本 1902 中引入)(Introduced in version 1902)

此设置为 HTTP 侦听器配置本地端口,以下载增量内容。This setting configures the local port for the HTTP listener to download delta content. 它默认设置为 8005。It's set to 8005 by default. 无需在客户端防火墙中打开此端口。You don't need to open this port in the client firewall.

备注

此客户端设置会替换“用于为快速安装文件下载内容的端口”。This client setting replaces Port used to download content for Express installation files.

启用 Office 365 客户端代理的管理Enable management of the Office 365 Client Agent

当你将此选项设置为“是”时,它将启用配置 Microsoft 365 Apps 安装设置。When you set this option to Yes, it enables the configuration of Microsoft 365 Apps installation settings. 还可以从 Office 内容分发网络 (CDN) 下载文件,以及将文件部署为 Configuration Manager 中的应用程序。It also enables downloading files from Office Content Delivery Networks (CDNs), and deploying the files as an application in Configuration Manager. 有关详细信息,请参阅管理 Microsoft 365 AppsFor more information, see Manage Microsoft 365 Apps.

当“软件更新”维护时段可用时,在“所有部署”维护时段中启用软件更新安装Enable installation of software updates in "All deployments" maintenance window when "Software Update" maintenance window is available

将此选项设置为“是”且客户端定义了至少一个"软件更新"维护时段时,将在"所有部署"维护时段安装软件更新。When you set this option to Yes, and the client has at least one "Software Update" maintenance window defined, software updates will install during an "All deployments" maintenance window.

默认情况下,此设置设为“否” 。By default, this setting is set to No. 此值使用与以前相同的行为:如果两种类型都存在,则它将忽略时段。This value uses the same behavior as before: if both types exist, it ignores the window.

备注

此设置还适用于配置为应用于“任务序列”的维护时段。This setting also applies to maintenance windows that you configure to apply to Task sequences.

如果客户端只有“所有部署”时段可用,它仍会在该时段内安装软件更新或任务序列。If the client only has an All deployments window available, it still installs software updates or task sequences in that window.

维护时段示例Maintenance window example

例如,可以配置以下维护时段:For example, you configure the following maintenance windows:

  • 所有部署:02:00 - 04:00All deployment: 02:00 - 04:00
  • 软件更新:04:00 - 06:00Software updates: 04:00 - 06:00

默认情况下,客户端仅在第二个维护时段期间安装软件更新。By default, the client only installs software updates during the second maintenance window. 它忽略了此方案中所有部署的维护时段。It ignores the maintenance window for all deployments in this scenario. 将此设置更改为“是”时,客户端将在 02:00 到 06:00 之间安装软件更新。When you change this setting to Yes, the client installs software updates between 02:00 - 06:00.

为功能更新指定线程优先级Specify thread priority for feature updates

从 Configuration Manager 版本 1902 开始,可以调整 Windows 10 版本 1709 或更高版本客户端通过 Windows 10 维护服务安装功能更新的优先级。Starting in Configuration Manager version 1902, you can adjust the priority with which Windows 10 version 1709 or later clients install a feature update through Windows 10 servicing. 此设置对 Windows 10 就地升级任务序列没有影响。This setting has no impact on Windows 10 in-place upgrade task sequences.

此客户端设置提供以下选项:This client setting provides the following options:

  • 未配置:Configuration Manager 不更改设置。Not Configured: Configuration Manager doesn't change the setting. 管理员可以预暂存自己的 setupconfig.ini 文件。Admins can pre-stage their own setupconfig.ini file. 该值为默认值。This value is the default.

  • 常规:Windows 安装程序使用更多系统资源,更新更快。Normal: Windows Setup uses more system resources and updates faster. 它使用更多的处理器时间,因此总安装时间更短,但用户的服务中断时间更长。It uses more processor time, so the total installation time is shorter, but the user's outage is longer.

  • :可继续使用设备,而它在后台进行下载和更新。Low: You can continue to work on the device while it downloads and updates in the background. 总安装时间更长,但用户的服务中断时间更短。The total installation time is longer, but the user's outage is shorter. 可能需要增加更新最大运行时间以避免在使用此选项时超时。You may need to increase the update max run time to avoid a time-out when you use this option.

启用第三方软件更新Enable third party software updates

如果你将此选项设置为“是”,它会设置“允许 Intranet Microsoft 更新服务位置的签名更新”策略,并将签名证书安装到客户端上受信任的发布者库。When you set this option to Yes, it sets the policy for Allow signed updates for an intranet Microsoft update service location and installs the signing certificate to the Trusted Publisher store on the client.

启用功能更新的动态更新Enable Dynamic Update for feature updates

从 Configuration Manager 版本 1906 开始,可以配置 Windows 10 动态更新Starting in Configuration Manager version 1906, you can configure Dynamic Update for Windows 10. 动态更新通过指示客户端从 Internet 下载这些更新,在 Windows 安装过程中安装语言包、按需功能、驱动程序和累积更新。Dynamic Update installs language packs, features on demand, drivers, and cumulative updates during Windows setup by directing the client to download these updates from the internet. 如果将此设置设置为“是”或“否”,Configuration Manager 将修改功能更新安装期间使用的 setupconfig 文件 。When this setting is set to either Yes or No, Configuration Manager modifies the setupconfig file that is used during feature update installation.

  • 未配置 - 默认值。Not Configured - The default value. 未更改 setupconfig 文件。No changes are made to the setupconfig file.
    • 默认情况下,在所有受支持的 Windows 10 版本上启用动态更新。Dynamic Update is enabled by default on all supported versions of Windows 10.
      • 对于 Windows 10 版本 1803 及更早版本,动态更新会检查设备的 WSUS 服务器是否有批准的动态更新。For Windows 10 versions 1803 and prior, Dynamic Update checks the device's WSUS server for approved dynamic updates. 在 Configuration Manager 环境中,绝不会在 WSUS 服务器中直接批准动态更新,因此这些设备不会安装这些更新。In Configuration Manager environments, dynamic updates are never directly approved in the WSUS server so these devices don't install them.
      • 从 Windows 10 版本 1809 开始,动态更新使用设备的 Internet 连接从 Microsoft 更新获取动态更新。Starting with Windows 10 version 1809, Dynamic Update uses the device's internet connection to get dynamic updates from Microsoft Update. 不会发布这些动态更新以供 WSUS 使用。These dynamic updates aren't published for WSUS use.
  • - 启用动态更新。Yes - Enables Dynamic Update.
  • - 禁用动态更新。No - Disables Dynamic Update.

状态消息State Messaging

状况消息报告周期(分钟)State message reporting cycle (minutes)

指定客户端报告状况消息的频率。Specifies how often clients report state messages. 此设置默认为 15 分钟。This setting is 15 minutes by default.

用户和设备相关性User and device affinity

用户设备相关性使用情况阈值(分钟)User device affinity usage threshold (minutes)

指定在 Configuration Manager 创建用户设备相关性映射之前的分钟数。Specify the number of minutes before Configuration Manager creates a user device affinity mapping. 默认情况下,此值为 2880 分钟(两天)。By default, this value is 2880 minutes (two days).

用户设备相关性使用情况阈值(天)User device affinity usage threshold (days)

指定客户端测量基于使用情况的设备相关性阈值的天数。Specify the number of days over which the client measures the threshold for usage-based device affinity. 默认情况下,此值为 30 天。By default, this value is 30 days.

备注

例如,将“用户设备相关性使用情况阈值(分钟)”指定为 60 分钟,将“用户设备相关性使用情况阈值(天)”指定为 5 天。For example, you specify User device affinity usage threshold (minutes) as 60 minutes, and User device affinity usage threshold (days) as 5 days. 然后用户在 5 天内使用该设备必须达到 60 分钟,以创建该设备的自动相关性。Then the user must use the device for 60 minutes over a period of 5 days to create automatic affinity with the device.

利用使用情况数据自动配置用户设备相关性Automatically configure user device affinity from usage data

选择“是”可基于 Configuration Manager 收集的使用情况信息自动创建用户设备相关性。Choose Yes to create automatic user device affinity based on the usage information that Configuration Manager collects.

允许用户定义其主要设备Allow user to define their primary devices

当此设置为“是”时,用户可在软件中心内标识自己的主要设备。When this setting is Yes, users can identify their own primary devices in Software Center. 有关详细信息,请参阅软件中心用户指南For more information, see the Software Center user guide.

Windows 诊断数据Windows Diagnostic Data

重要

此组旧称为“Windows Analytics”。This group was previously called Windows Analytics. Microsoft 已于 2020 年 1 月 31 日停用了 Windows Analytics 服务。Microsoft retired the Windows Analytics service on January 31, 2020. 有关详细信息,请参阅 KB 4521815:Windows Analytics 将于 2020 年 1 月 31 日停用For more information, see KB 4521815: Windows Analytics retirement on January 31, 2020.

Windows Analytics 演变为桌面分析。Desktop Analytics is the evolution of Windows Analytics. 使用桌面分析来管理 Windows 诊断数据设置。Use Desktop Analytics to manage Windows diagnostic data settings. 有关详细信息,请参阅什么是桌面分析For more information, see What is Desktop Analytics.