Key Takeaways:
- Helps to Resource Exhaustion Risks
- IT admins monitor and mitigate resource exhaustion scenarios
- Improves server stability and reduces downtime
- Ensuring servers are safeguarded in hybrid and cloud environments
Let’s discuss How to Protect Servers from Resource Exhaustion Using Intune. How to Protect Servers from Resource Exhaustion policy is a specialized network hardening configuration which were designed to provide more granular control over the Windows TCP/IP stack than the standard out-of-the-box settings.
Table of Contents
How to Protect Servers from Resource Exhaustion Using Intune
This setting determines the maximum number of times the Windows TCP/IP stack will retransmit an individual data segment (a packet) that has not been acknowledged by the receiver before it considers the connection “dead” and terminates it.
- Require Password when Computer Wakes on Battery using Intune
- How to Remove Assigned Group from Energy Saver Battery Threshold Policy in Intune Settings Catalog
- Improve Windows PC Performance by using New Efficiency Mode
Example Scenario
A high-frequency trading firm enables this and sets it to 3. Because their network is ultra-stable, any packet loss that persists for 3 retries indicates a genuine failure. By dropping the connection early, their automated systems can trigger a failover to a secondary site 30 – 60 seconds faster than the default Windows behavior, potentially saving millions in “stuck” trades.
Configure Policy with Intune Admin Center
To start Split Screen in Microsoft Edge policy creation, sign in with Microsoft Intune Admin center. Go to Devices > Configuration > +Create >+ New Policy. Look at the below screenshot.
Create Profile
Creating Profile is the next step after clicking on Create button. On this step you can choose platform and profile type. Here I would like to configure the policy to Windows 10 and later platform and settings catalog profile. Then click on the Create button.
Beginning Step
Basic Tab is the first tab that used to add Name and Description for the policy. This is very important step that gives an identity for your policy. Here Name is Mandatory and Description is optional. After adding this, click on the Next button.
Configure Protect Servers from Resource Exhaustion
From the Configuration Tab, you can see the +Add settings hyperlink to access specific settings. When you click on this hyperlink, you will get Settings Picker. Here, I would like to select the settings by browsing by Category. I choose Administrative Templates > System > Troubleshooting and Diagnostics > Windows Resource Exhaustion Detection and Resolution settings.
Disable Protect Servers from Resource Exhaustion
If you disable this policy setting, Windows will not be able to detect, troubleshoot or resolve any Windows Resource Exhaustion problems that are handled by the DPS. This is the default value of this policy.
Enable Protect Servers from Resource Exhaustion
If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Resource Exhaustion problems and attempt to determine their root causes.
These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will detect Windows Resource Exhaustion problems and indicate to the user that assisted resolution is available.
Adding Scope Tags
Scope Tags sections help you add restrictions to the visibility of the Policy. But it is not a mandatory step, so you can skip this step. Here, I don’t add scope tags for Protect Servers from Resource Exhaustion Policy. Click on the Next button.
Selecting Group from the Assignment Tab
To assign the policy to specific groups, you can use the Assignment Tab. Here I click, +Add groups option under Included groups. I choose a group from the list of groups and click on the Select button. Again, I click on the Select button to continue.
Review + Create Tab
Before completing the policy creation, you can review each tab to avoid misconfiguration or policy failure. After verifying all the details, click on the Create Button. After creating the policy, you will get a success message.
Monitoring Status
The Monitoring Status page shows whether the policy has succeeded or not. To quickly configure the policy and take advantage of the policy sync, the device on the Company Portal, Open the Intune Portal. Go to Devices > Configuration > Search for the Policy. Here, the policy shows as successful.
Event Viewer
It helps you check the client side and verify the policy status. Open the Client device and open the Event Viewer. Go to Start > Event Viewer. Navigate to Logs: In the left pane, go to Application and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostics-Provider > Admin.
- You will get the success result on Event ID 814
| Event ID Details |
|---|
| MDM PolicyManager: Set policy string, Policy: (NC_RasConnect), Area: (ADMX_NetworkConnections), EnrollmentID requesting merge: (EB427D85-802F-46D9-A3E2- D5B414587F63), Current User: (S-1-12-1-3449773194-1083384580-749570698-1797466236), String: (), Enrollment Type: (0x6), Scope: (0x1). |
Removing the Assigned Group from Protect Servers from Resource Exhaustion Settings
If you want to remove the Assigned group from the policy, it is possible from the Intune Portal. To do this, open the Policy on Intune Portal and edit the Assignments tab and the Remove Policy.
To get more detailed information, you can refer to our previous post – Learn How to Delete or Remove App Assignment from Intune using by Step-by-Step Guide.
How to Delete Protect Servers from Resource Exhaustion
You can easily delete the Policy from the Intune Portal. From the Configuration section, you can delete the policy. It will completely remove it from the client devices.
For detailed information, you can refer to our previous post – How to Delete Allow Clipboard History Policy in Intune Step by Step Guide.
Windows CSP Details
Determines the execution level for Windows Resource Exhaustion Detection and Resolution. This policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured. No system restart or service restart is required for this policy to take effect: changes take effect immediately.
This policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios will not be executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console.
Need Further Assistance or Have Technical Questions?
Join the LinkedIn Page and Telegram group to get the step-by-step guides and news updates. Join our Meetup Page to participate in User group meetings. Also, Join the WhatsApp Community and WhatsApp Channel to get the latest news on Microsoft Technologies. We are there on Reddit as well.
Author
Anoop C Nair has been Microsoft MVP for 10 consecutive years from 2015 onwards. He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is a Blogger, Speaker, and Local User Group Community leader. His primary focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career, etc.