Windows 10 MDM Bridge WMI Provider: Settings template

This week my post is a few days later, as my post is an extension of my session at the Workplace Ninja Virtual Summit 2020. At the virtual summit I did a session about Getting to know the Windows 10 MDM WMI Bridge provider and during my session I shared how to easily work with the Windows 10 MDM Bridge WMI provider. Similar to using Microsoft Intune to address the different CSPs, we can also use PowerShell via the WMI bridge.

The main thing that I’ve showed at the end of that session was a setting template, basically a PowerShell-function, that can be used to set, adjust and remove nearly all settings via the MDM WMI Bridge provider. That PowerShell-script is available below and I’ve completely documented the use, parameters and what it exactly does.

[gist /]

An example to use this function to hide the app list in Start can be found below.

Update-PolicySetting -className 'MDM_Policy_Config01_Start02' -parentID './Vendor/MSFT/Policy/Config' -instanceID 'Start' -configureProperty 'HideAppList' -valueProperty 1 

As mentioned during my session, the required parameters can be found mainly by looking at WMI by using the WMI Explorer. The name of the instance is the node of the OMA-URI that contains the required configuration. In this case Start. When you can’t find the required information, you can always refer to the documentation that’s shared below.

More information

During my sessions I’ve showed many reference to post that describe the subjects that I covered. For future reference those posts are summarized below.

9 thoughts on “Windows 10 MDM Bridge WMI Provider: Settings template”

  1. Nice and inspirational work sir.

    Quick question re Autoplay policies if you don’t mind. I get “A general error occurred that is not covered by a more specific error code” for the below. Any advise ?

    Update-PolicySetting -className ‘MDM_Policy_Config01_Autoplay02’ -parentID ‘./Vendor/MSFT/Policy/Config’ -instanceID ‘Autoplay’ -configureProperty ‘SetDefaultAutoRunBehavior’ -valueProperty ‘disabled

    On the other hand the
    “Update-PolicySetting -className “MDM_Policy_Config01_Settings02” -parentID ‘./Vendor/MSFT/Policy/Config’ -instanceID “Settings” -configureProperty “AllowAutoPlay” -valueProperty 1 -Verbose” works. Obscurely different
    classes, but still, apprach is the same.

    The former is ADMX-backed policy, but I would assume it ships with Windows 10 by default, no need to inject anything, is it?


  2. Well, after settings the former, and running the: Get-CimInstance -Namespace “root\cimv2\mdm\dmmap” -ClassName “MDM_Policy_Config01_Settings02”, I get the below. So works the way I see it.

    AllowAutoPlay : 1
    AllowDataSense :
    AllowDateTime :
    AllowEditDeviceName :
    AllowLanguage :
    AllowOnlineTips :
    AllowPowerSleep :
    AllowRegion :
    AllowSignInOptions :
    AllowVPN :
    AllowWorkplace :
    AllowYourAccount :
    InstanceID : Settings
    PageVisibilityList :
    ParentID : ./Vendor/MSFT/Policy/Config
    PSComputerName :

    Whereas for for “Get-CimInstance -Namespace “root\cimv2\mdm\dmmap” -ClassName “MDM_Policy_Config01_Autoplay02”” I get empty results, which is expected, as it wasn’t set in the first place.

    I think the ADMX-backed policy needs XML input and etc, which I can’t grasp at this stage with my tired brain alas.

    Thank you

  3. Hi Peter,

    I know this is an old post, but I wonder you could advise how to set (in essence override, at least temporary) the RemovableDrivesRequireEncryption Bitlocker CSP (className ‘MDM_BitLocker’) to disabled state?



Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.