introduction
in previous article we have discussed the importance of client settings policy
and we said that administrator can manage every thins on client computer with these policy settings
after we discussing some consideration points ,we have seen how client settings is working by example of remote tools policy :
- we created new custom policy
- check priority
- depoy policy to all computers
- we noted that policy has NOT been applied yet because we have to wait 60 minutes
- OR we can take manual action to force policy run NOW
- after run policy retrieval manually > policy has been applied and [remote tools ] are enabled on client computer
in this article > we will discuss the client settings it self to see which is very important to you so you can focus
Client cache settings
In software deployment : SCCM send software package .exe or .msi to client computer path C:\Windows\ccmcache
This folder has 5GB maximum Quota to avoid make HDD getting full
Sometimes 5GB is already used , or sometime we need to deploy software mare than 5GB
In this policy we can configure the cache folder size or even the percentage of cache from HDD
As Network pioneers we recommend to keep 5GB as default and clean up folder when about to reach threshold
Please don’t change policy unless you have software mare than 5 GB
Compliance settings
as part of IT governance : you can create your company configuration baseline and evaluate if computers in you network are compliance with these policy
Compliance is evaluated by defining a configuration baseline that contains the configuration items that you want to evaluate and settings and rules that describe the level of compliance you must have.
You can import this configuration data from the web in Microsoft System Center Configuration Manager Configuration Packs as best practices that are defined by Microsoft and other vendors, in Configuration Manager,
and then import into Configuration Manager.
An Administrator can create new configuration items and configuration baselines. After a configuration baseline is defined,
you can deploy it to users and devices through collections and evaluate its settings for compliance on a schedule. Client devices can have multiple configuration baselines deployed to them.
this is simple brief of compliance , later we will cover compliance in separate article
computer agent
When users receive required software, and select the Snooze and remind me setting, they can choose from the following options:
Later: Specifies that notifications are scheduled based on the notification settings configured in client settings.
Fixed time: Specifies that the notification is scheduled to display again after the selected time. For example, if you select 30 minutes, the notification displays again in 30 minutes.
The maximum snooze time is always based on the notification values configured in the client settings at every time along the deployment timeline. For example:
You configure the Deployment deadline greater than 24 hours, remind users every (hours) setting on the Computer Agent page for 10 hours.
The client displays the notification dialog more than 24 hours before the deployment deadline.
The dialog shows snooze options up to but never greater than 10 hours.
As the deployment deadline approaches, the dialog shows fewer options. These options are consistent with the relevant client settings for each component of the deployment timeline.
computer restart settings
in this policy we can configure 3 settings :
- Display a temporary notification to the user that indicates the interval before the user is logged off or the computer restarts (minutes)
- Display a dialog box that the user cannot close, which displays the countdown interval before the user is logged off or the computer restarts (minutes)
- Specify the snooze duration for computer restart countdown notifications (minutes)
Endpoint Protection
SCCM uses System Center Endpoint Protection to protect computers against malware attacks.
Additionally, the SCCM uses Windows Group Policy to ensure that the Windows Firewall is enabled on all computers in the company and that users are notified when Windows Firewall blocks a new program.
Choose Yes if you want to manage existing Endpoint Protection and Windows Defender clients on computers in your hierarchy.
Enrollment
To enable user-based enrollment of modern devices, set this option to Yes, and then configure the following setting:
- Modern device enrollment profile: Select Set Profile to create or select an enrollment profile
Hardware inventory
by default : SCCM client send hardware inventory to SCCM server every 7 days , which is reasonable value : simply because Hardware is NOT replaced every day on you computer
also you can customize the file size beside with other settings
Conclusion
in second part of Client settings policy we discussed 7 of client settings which is
- client cache settings
- compliance settings
- computer agent
- endpoint protect
- enrollment
- hardware inventory
next article in client settings policy part III ,we will discuss another client settings policies :
- remote tools
- software center
- software deployment
- software inventory
- software metering
- software update
- windows analytic
please be notified that each one of above article is part of separate article ,
but here in network pioneers ,we just discuss it from settings policy perspectives