Client Settings - MECM / SCCM

Wolfgang Henning - zbits GmbH 1 Reputation point
2021-06-29T13:08:17.63+00:00

Hey folks,
we are facing a technical question regarding the real function of the client settings in MECM.
We want to understand, how did the MECM agent enforce the custom client settings on the Windows 10 Client?
We didn't found any hint how this mechanism really works.
Are there only registry keys which are set, or are their local GPO's, or what the heck is the underlaying mechanism?
best regards

Microsoft Configuration Manager
0 comments No comments
{count} votes

4 answers

Sort by: Most helpful
  1. Jason Sandys 31,151 Reputation points Microsoft Employee
    2021-06-29T13:41:12.593+00:00

    All client policy is delivered in the form of an XML file from the MP and stored in WMI on the client. How each setting is ultimately enforced is setting specific though. The vast majority of settings are not group policies at all but are ConfigMgr specific and thus don't make it anywhere else (outside of WMI). Sometimes the values are stored in the registry as well, but as noted, it totally depends on the setting itself.

    What challenge(s) are you trying to address?

    0 comments No comments

  2. Wolfgang Henning - zbits GmbH 1 Reputation point
    2021-06-29T14:11:26.543+00:00

    Hi Jason,
    if a client had a config mgr agent installed in the past and the default client settings option "automatically register new Windows 10 domain joined devices with Azure Active Directory" was set to "no", the client can't make the azure AD Join successfully, although we uninstalled the config mgr agent. A Domain GPO said for Domain Joined Clients they should make the hybrid azure ad join. But it seems the client settings from the removed config mgr agent ist already present on the system.
    Is their a way to remove such client settings which where prior set by config manager?

    0 comments No comments

  3. Jason Sandys 31,151 Reputation points Microsoft Employee
    2021-06-29T15:40:55.293+00:00

    To my knowledge, that setting specifically is a local group policy configured by the ConfigMgr agent that I would expect/hope is removed when the agent is removed. Either way though, a domain -based group policy will 100% override this so there is almost certainly more going on here. Have you reviewed the event logs and the troubleshooting tasks at https://learn.microsoft.com/en-us/azure/active-directory/devices/troubleshoot-hybrid-join-windows-current?

    0 comments No comments

  4. AllenLiu-MSFT 40,001 Reputation points Microsoft Vendor
    2021-06-30T07:36:59.303+00:00

    Hi, @Wolfgang Henning - zbits GmbH
    Thank you for posting in Microsoft Q&A forum.
    Try to Enable the group policy: Register domain-joined computers as devices under Computer Configuration – Administrative Templates – Windows Components – Device Registration.


    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments