Forum Discussion
Please explain custom configuration policy oma-uri settings.
I have tried and tried to understand custom config policies. I have read every document Microsoft has on the topic and I have walked away with less understanding than I started.
I have never been able to get it to work. I don't understand the premise. I keep having to search for examples but most don't work and most don't detail why or how to get working.
It is like Microsoft spent more time not documenting it than just telling us what to do.
So please someone can you dumb it down a whole lot?
I really want to understand it but I'm just giving up and need a boost to try again.
3 Replies
Hy,
For anything that don't work submit an Issue on Microsoft Side or Open a Case.
The docs are not so bad if you find what you need.
Yes you need to ad ADMX for specific and Custom Settings based on your needs.
Things are failing because are not working , sorry .... :)
Let me try to explain, maybe this will help you also:
Basic Concept ADMX
An ADMX file is an XML-based administrative template used by Microsoft Windows to define and manage Group Policy settings for computers and users within a Tenant.
What Are ADMX Files Used For?
- Defining Group Policy Settings
- Centralized Policy Management
- Multilingual Support: ADMX files are language-neutral. They work in conjunction with language-specific ADML files to display policy descriptions in different languages, supporting global administrative environments.
- Registry Configuration: Each policy defined in an ADMX file corresponds to specific changes in the Windows Registry, allowing precise control over system and user settings.
- Extensibility: Microsoft provides default ADMX files for Windows and its components, but organizations can also create custom ADMX files to manage settings for third-party applications or custom requirements
How Are ADMX Files Used?
Editing Policies: When an administrator opens the Group Policy Editor, it reads the ADMX files (typically stored in the C:\Windows\PolicyDefinitions folder or a central store on domain controllers) to display available settings.
Deploying Policies: Once a policy is configured, the settings are stored in the Group Policy Object (GPO), and the corresponding registry changes are applied to targeted computers or users.
Central Store: OnPrem - ADMX files can be placed in a central store (\\domain\SYSVOL\domain\Policies\PolicyDefinitions) so all domain controllers and administrators use a consistent set of templates, Old style :) , new style CSP :)
Ok let´s resume:
1. Configuration Service Provider (CSP) is is a component of the Windows operating system that exposes a standardized interface for configuring device settings.
Delivery mechanism: Settings are typically delivered via OMA-URI (Open Mobile Alliance Uniform Resource Identifier) profiles through MDM platforms.
2. Client Side Extension (CSE) this is the Old Style OnPrem with AD, basically a specialized DLL component on Windows clients that processes and applies Group Policy Objects (GPOs) received from domain controllers.
Delivery mechanism: Settings are delivered via GPOs from domain controllers and applied by the corresponding CSE on the client device.
Don´t try to ingest all the informations :)
Good luck!
Hy,
yes you are right is a little bit confusing...i will try to give you some start points in order for you to be able to have e better overview.
So...
Open Mobile Alliance - Uniform Resources (OMA-URIs), a Microsoft Proprietary Language that describe how custom policies are delivered to a Windows 10-based device with Microsoft Intune.
CSPs - are an interface that is used by mobile device management (MDM) providers to read, set, modify, and delete configuration settings on the device. Typically, it is done through keys and values in the Windows Registry. CSP policies have a scope that defines the level at which a policy can be configured. It is similar to the policies that are available in the Microsoft Intune admin center.
How it Works:
Intune: After a custom policy is created and assigned to client devices, Intune becomes the delivery mechanism that sends the OMA-URIs to those Windows clients. Intune uses the Open Mobile Alliance Device Management (OMA-DM) protocol to do this. It is a pre-defined standard that uses XML-based SyncML to push the information to the client.
CSPs: After the OMA-URIs reach the client, the CSP reads them and configures the Windows platform accordingly. Typically, it does this by adding, reading, or changing registry values.
Check the Link bellow in order to test that and to better understand it.
Example:
basically delete a configuration for a reboot task
NAME: Task Reboot Delete
OMA-URI: in this Case the Scope, either User, Device in our Case Device:
./Device/Vendor/MSFT/Reboot/Schedule/DailyRecurrent
Data type: is a String (check the link bellow and see Format)
Value: Location,Property or admx Files
Hope it helps you to find a further Path.
Good luck!
Yes, I have read all of these. It's missing something.
What about the examples that don't work? What about when I want to make something happen?
What I mean by this is the docs never truly explain what is needed on the client side for success.
Do I need to add an ADMX file to the local system?
Can I randomly write to the registry where I want?
Why are some things failing? (The logs are BS and not really helpful unless you experience success.)
Am I limited in scope about what can be used? (Docs do mention this but it's annoyingly spotty what does and doesn't work)
