Skip to content

ADMX ingestion for Centero Agent and Carillon Client using Intune

This article is about the ADMX templates for Centero Agent and Carillon client, that you can use to configure the settings on your endpoints. Microsoft Endpoint Manager (Intune) is capable of ADMX ingestion, but this process can be complex sometimes. This article will explain the ADMX ingestion and has a couple of examples, on how to handle various settings.

ADMX ingestion

Before the client can use settings from the ADMX template, you need to ingest them with Microsoft Endpoint Manager/Intune

TIP: Use an editor like Notepad or Visual Studio code to explore the ADMX template. You will need the content of the ADMX template, and need it as a reference to build the policies. ADMX templates can be found in the \ADMX Templates directory on installation media. In Microsoft Endpoint Manager, create a new custom profile for Windows 10 and later.

Under OMA-URI settings, create a new row.

  1. Enter a name, for example “Centero ADMX ingestion”
  2. Enter a description
  3. Use this OMA-URI: ./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Centero/Policy/CenteroAdmx
  4. Pick String as your data type
  5. Paste the entire content of the .admx file in the value property.

Apply the setting to one of your test systems, and check of the policy is ingested under Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\AdmxDefault\{GUID}

Centero Agent and Carillon settings

After the ADMX template is ingested, you can continue to configure the settings. There are a couple of important values that you need to build your settings.

For example, if you want to set the gateway address, the policy would look like this:

Let’s start with the OMA-URI. The first part is static, and always the same: ./Device/Vendor/MSFT/Policy/ Centero~Policy~Cat_Centero_9~

Next comes the category, which will depend on your setting. The gateway setting is part of the CAT_446435B1_DCCD_4C46_8AC1_976E589689AB category. You can find that in the ADMX template (2)

Next comes the policy itself, which you will also find in the ADMX template (1). In this case that is POL_622F9116_26DE_40D8_9E2E_E8952ED5458E

Putting it all together, your OMA-URI will look like this: OMA=URI: ./Device/Vendor/MSFT/Policy/Config/Centero~Policy~Cat_Centero_9~CAT_446435B1_DCCD_4C46_8AC1_976E589689AB/POL_622F9116_26DE_40D8_9E2E_E8952ED5458E

In this case, you need to pick ‘String’ as your data type, but some settings will also support Boolean or Integer as well. 

The value of the setting will hold the data-id parameter, which you can find in the ADMX template as well (3) This might be named differently, depending on what setting you use. Most of the time it is referred to as ‘text id’, ‘enum-id’,  or ‘decimal id’. In this case that value is TXT_EC78A049_4300_4489_8CF1_275A2B4D0901. The value itself is the address of your gateway.

The value will look like this:<enabled/> <data id=”TXT_EC78A049_4300_4489_8CF1_275A2B4D0901″ value=””/>


Polices are divided into three different categories. Each category has its own prefix.

Carillon Client./Device/Vendor/MSFT/Policy/Config/Centero~Policy~Cat_Centero_9~Cat_Carillon_11~Cat_Client_13
Centero Agent./Device/Vendor/MSFT/Policy/Config/Centero~Policy~Cat_Centero_9~CAT_446435B1_DCCD_4C46_8AC1_976E589689AB
Centero Service./Device/Vendor/MSFT/Policy/Config/Centero~Policy~Cat_Centero_9~CAT_DD93EB8C_8C0E_4A33_9D15_3E948772FF72


A couple of samples for the most used settings. Here you can see the different types of categories, policies, and data types.

Name Set usage scenario
Description 0=login screen only 1=user context only 2=both
Data type String
Value <enabled/> <data id=”Policy_DropList_Element_Credential_provider_2812900″ value=”1″/>
NotesBy default, the Carillon screen shows up on both the login screen and user context.

Name Gateway address
Description Set gateway address
Data type String
Value <enabled/> <data id=”TXT_EC78A049_4300_4489_8CF1_275A2B4D0901″ value=”https: //”/>

Name Credential provider show use activation code
Description Credential provider show use activation code
Data type String
Value <enabled/> or <disabled/>
NotesThis setting will enable or disable the use of the activation code. By default, this is enabled.

Name Credential provider show use local account
Description Credential provider show use local account
Data type String
Value <enabled/> or <disabled/>
NotesThis setting will enable or disable the use of a local account. By default, this is enabled.

Name Credential provider show use domain account
Description Credential provider show use domain account
Data type String
Value <enabled/> or <disabled/>
NotesThis setting will enable or disable the use of a domain account. By default, this is enabled.

Name Credential provider default activation type
Description 1=domain account 2=local account 3=activation code
Data type String
Value <enabled/> <data id=”DST_4E56F178_A4F2_4A93_BD0E_914E221A8FFF” value=”1″/>
NotesConfigure the default activation type.

Troubleshoot and tips

When the settings are applied, they will show up under Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Centero

By using the Event Viewer, you can see if the settings are applied correctly: Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin

Leave a Reply

Your email address will not be published. Required fields are marked *