This article is about the ADMX templates for Centero Agent and Carillon client, that you can use to configure the settings on your endpoints. Microsoft Endpoint Manager (Intune) is capable of ADMX ingestion, but this process can be complex sometimes. This article will explain the ADMX ingestion and has a couple of examples, on how to handle various settings.
ADMX ingestion
Before the client can use settings from the ADMX template, you need to ingest them with Microsoft Endpoint Manager/Intune
TIP: Use an editor like Notepad or Visual Studio code to explore the ADMX template. You will need the content of the ADMX template, and need it as a reference to build the policies. ADMX templates can be found in the \ADMX Templates directory on installation media. In Microsoft Endpoint Manager, create a new custom profile for Windows 10 and later.
Under OMA-URI settings, create a new row.
- Enter a name, for example “Centero ADMX ingestion”
- Enter a description
- Use this OMA-URI: ./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Centero/Policy/CenteroAdmx
- Pick String as your data type
- Paste the entire content of the .admx file in the value property.
Apply the setting to one of your test systems, and check of the policy is ingested under Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\AdmxDefault\{GUID}
Centero Agent and Carillon settings
After the ADMX template is ingested, you can continue to configure the settings. There are a couple of important values that you need to build your settings.
For example, if you want to set the gateway address, the policy would look like this:
Let’s start with the OMA-URI. The first part is static, and always the same: ./Device/Vendor/MSFT/Policy/ Centero~Policy~Cat_Centero_9~
Next comes the category, which will depend on your setting. The gateway setting is part of the CAT_446435B1_DCCD_4C46_8AC1_976E589689AB category. You can find that in the ADMX template (2)
Next comes the policy itself, which you will also find in the ADMX template (1). In this case that is POL_622F9116_26DE_40D8_9E2E_E8952ED5458E
Putting it all together, your OMA-URI will look like this: OMA=URI: ./Device/Vendor/MSFT/Policy/Config/Centero~Policy~Cat_Centero_9~CAT_446435B1_DCCD_4C46_8AC1_976E589689AB/POL_622F9116_26DE_40D8_9E2E_E8952ED5458E
In this case, you need to pick ‘String’ as your data type, but some settings will also support Boolean or Integer as well.
The value of the setting will hold the data-id parameter, which you can find in the ADMX template as well (3) This might be named differently, depending on what setting you use. Most of the time it is referred to as ‘text id’, ‘enum-id’, or ‘decimal id’. In this case that value is TXT_EC78A049_4300_4489_8CF1_275A2B4D0901. The value itself is the address of your gateway.
The value will look like this:<enabled/> <data id=”TXT_EC78A049_4300_4489_8CF1_275A2B4D0901″ value=”https://gateway.com/AgentGateway.asmx”/>
Categories
Polices are divided into three different categories. Each category has its own prefix.
Carillon Client | ./Device/Vendor/MSFT/Policy/Config/Centero~Policy~Cat_Centero_9~Cat_Carillon_11~Cat_Client_13 |
Centero Agent | ./Device/Vendor/MSFT/Policy/Config/Centero~Policy~Cat_Centero_9~CAT_446435B1_DCCD_4C46_8AC1_976E589689AB |
Centero Service | ./Device/Vendor/MSFT/Policy/Config/Centero~Policy~Cat_Centero_9~CAT_DD93EB8C_8C0E_4A33_9D15_3E948772FF72 |
Examples
A couple of samples for the most used settings. Here you can see the different types of categories, policies, and data types.
Name | Set usage scenario |
Description | 0=login screen only 1=user context only 2=both |
OMA-URI | ./Device/Vendor/MSFT/Policy/Config/Centero~Policy~Cat_Centero_9~Cat_Carillon_11~Cat_Client_13/Policy_Credential_provider_2812897 |
Data type | String |
Value | <enabled/> <data id=”Policy_DropList_Element_Credential_provider_2812900″ value=”1″/> |
Notes | By default, the Carillon screen shows up on both the login screen and user context. |
Name | Gateway address |
Description | Set gateway address |
OMA-URI | ./Device/Vendor/MSFT/Policy/Config/Centero~Policy~Cat_Centero_9~CAT_446435B1_DCCD_4C46_8AC1_976E589689AB/POL_622F9116_26DE_40D8_9E2E_E8952ED5458E |
Data type | String |
Value | <enabled/> <data id=”TXT_EC78A049_4300_4489_8CF1_275A2B4D0901″ value=”https: //centero.com/AgentGateway.asmx”/> |
Name | Credential provider show use activation code |
Description | Credential provider show use activation code |
OMA-URI | ./Device/Vendor/MSFT/Policy/Config/Centero~Policy~Cat_Centero_9~Cat_Carillon_11~Cat_Client_13/POL_4791A655_C211_4F64_AF29_E709F4F93E01 |
Data type | String |
Value | <enabled/> or <disabled/> |
Notes | This setting will enable or disable the use of the activation code. By default, this is enabled. |
Name | Credential provider show use local account |
Description | Credential provider show use local account |
OMA-URI | ./Device/Vendor/MSFT/Policy/Config/Centero~Policy~Cat_Centero_9~Cat_Carillon_11~Cat_Client_13/POL_2AA87D01_3385_4AA4_A8BD_7C3F08BA2C15 |
Data type | String |
Value | <enabled/> or <disabled/> |
Notes | This setting will enable or disable the use of a local account. By default, this is enabled. |
Name | Credential provider show use domain account |
Description | Credential provider show use domain account |
OMA-URI | ./Device/Vendor/MSFT/Policy/Config/Centero~Policy~Cat_Centero_9~Cat_Carillon_11~Cat_Client_13/POL_72C9F936_DEEB_4B36_9C57_3508E041EC95 |
Data type | String |
Value | <enabled/> or <disabled/> |
Notes | This setting will enable or disable the use of a domain account. By default, this is enabled. |
Name | Credential provider default activation type |
Description | 1=domain account 2=local account 3=activation code |
OMA-URI | ./Device/Vendor/MSFT/Policy/Config/Centero~Policy~Cat_Centero_9~Cat_Carillon_11~Cat_Client_13/POL_CDE2AE07_7B33_4B56_9519_C9FBD5A08836 |
Data type | String |
Value | <enabled/> <data id=”DST_4E56F178_A4F2_4A93_BD0E_914E221A8FFF” value=”1″/> |
Notes | Configure the default activation type. |
Troubleshoot and tips
When the settings are applied, they will show up under Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Centero
By using the Event Viewer, you can see if the settings are applied correctly: Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin