Tech Community Live: Endpoint Manager edition
Jul 21 2022, 08:00 AM - 12:00 PM (PDT)

Is there a list of what the client uses Local Group Policy for?

Contributor

For security hardening, we are required to enable this group policy - "Turn off Local Group Policy objects processing"

https://www.cyber.gov.au/acsc/view-all-content/publications/hardening-microsoft-windows-10-version-2... (under "Group Policy processing")

 

My understanding is that the MECM client adds entries to Local Group Policy and I was wondering if the entries created are documented anywhere.  I am assuming that any settings written here won't be processed with that policy enabled.  

 

For example, this page talks about BITS settings written to local policy. 

https://blog.tyang.org/2012/05/05/my-observation-on-sccm-clients-bits-settings/

 

and this one talks about WSUS settings written to local GP. 

https://www.petervanderwoude.nl/post/local-group-policies-for-wsus-and-the-software-update-agent-of-...

I figure if I can get a list, then I can add GP settings or GPP's to add the settings via a domain based policy instead.  

even if you don't know of a list but know of individual settings, please let me know so I can add as many as possible.  

Edit: - I did find the currently configured settings by running gpedit.msc so I can at least configure what we have in place currently but it would be nice to know what else might be set if we change any client config.  

PaulKlerkx_0-1639535623234.png

 

 

0 Replies