As a Workspace ONE UEM administrator, there are times when you may need to set a registry key manually. This could be so that an application has a specific setting or maybe a security setting that is not yet available via Windows 10 MDM. In this post, we will walk through how to configure a registry setting and also how to clean up that setting when the profile is removed via the Workspace ONE UEM console (UEM Console).
In general the following process will get the profile created and deployed via the UEM Console. A quick overview of the different values in the xml settings is provided below. Each setting contains a brief explanation of it's purpose and what can/should be modified is below.
- Configure the Install Settings
- Configure the Remove Settings
- Create a new Windows 10 Profile in the UEM Console
- Assign the profile to targeted devices via Smart Groups
- Monitor and confirm installation status
The below sample is a template of the settings that will be configured for the install and remove settings of the custom settings profile. Note that this is targeted specifically at the Registry operation. The Intelligent Hub App can accept other operations as well but this guide is only focusing on Registry operations.
The xml is wrapped with the wap-provisioningdoc tags. Please note the following key values:
- wap-provisioningdoc items
- id for wap-provisioningdoc - This value needs to be unique for the profile commands. The UEM Console and associated services use Universally Unique IDs or UUIDs.
- customprofile - This tells hub that this is a custom profile so that the appropriate action can be taken.
- characteristic items
- "id" for the characteristic tag - This value needs to be unique as well.
- param items
- Registrypath - Path to the Registry Key/Hive
- Action - Target Action for the registry action. Supported Values are Replace and Remove
- Value items
- Name - Key/Value Name
- Data - Values to be inserted
- Type - Data type to be inserted. This must be the supported types of the Windows Registry, e.g. String, DWORD, etc.
For the install settings, a fictitious application will be used so that we can use fictional values for demonstration purposes. This fictitious app will be referred to as FakeApp and is published by MikeNelson Co. FakeApp has a few configuration values to set that make the end user and IT's life much simpler.
- SetupURL - String data type
- FakeAppFeatureFlag - DWORD data type
Knowing that these two settings will be configured, the install settings will resemble the below xml.
To configure the remove settings, one change needs to be made to the install settings; otherwise, keep the settings more or less the same. The only change is to modify the Action of the param tag to "Remove". After making that change the remove settings will resemble the below xml.
The next set of steps focus on creating the new Windows 10 profile and deploying to targeted devices.
In the UEM Console, add a new Windows Desktop profile.
- Select Device Profile for machine wide settings and User Profile for settings specific to a user.
Configure the General Profile section
- Give the Profile a name, in this instance Fake App Settings
- Set the profile assignement type. "Auto" will deploy the profile automatically and "Manual" makes the profile an on demand setting
- Assign the profile to the desired Smart Group.
Configure Custom Settings
- Set the target of the profile to "Workspace ONE Intelligent Hub"
- Uncheck "Make Commands Atomic"
- Paste the Install Settings in the Install Settings text box
- Paste the Remove Settings in the Remove Settings text box
Save and Publish the profile
Verify the device list is correct and click Publish
For one of the target devices, the profile has reported back that it is installed.
On the device, RegistryEditor will verify if the settings applied successfully.
- Open RegEdit.exe
- Expand the HKEY_LOCAL_MACHINE Hive.
- Keep expanding the Hives until HKLM\SOFTWARE\MikeNelson is expanded.
- Click on "FakeApp"
- Notice in the window that there are now two settings applied. These settings match what was installed.
Now that install is working, check that the removal of these settings is working as desired.
- In the console, click Remove to initiate the Remove profile command.
- Once the device checks in, it will process the command and indicate that the profile is removed.
- On the device, refresh the registry. Notice that while the hive/key are present still, the values themselves have been removed correctly.
In this How To post, a Custom Settings profile was configured in the UEM console and pushed to a device. These settings configured a fictitiousicous application in the registry. A similar process can be used to configure the registry in many ways that a use case may dictate for your deployment.
Thanks for reading.