Поділитися через


Configuring Content Management in Configuration Manager

 

Updated: May 14, 2015

Applies To: System Center 2012 Configuration Manager, System Center 2012 Configuration Manager SP1, System Center 2012 Configuration Manager SP2, System Center 2012 R2 Configuration Manager, System Center 2012 R2 Configuration Manager SP1

Content management in Microsoft System Center 2012 Configuration Manager relies on the infrastructure of the distribution point site role. This section provides configuration information for creating the distribution point site role, configuring the distribution point properties, and creating distribution point groups.

Use the following sections in this topic to help you install and configure distribution points and distribution point groups:

  • Install and Configure the Distribution Point

  • Modify the Distribution Point Configuration Settings

  • Create and Configure Distribution Point Groups

  • Configure the Network Access Account

Important

Planning the distribution point infrastructure is an important first step in your content management strategy. For more information about planning for content management in your hierarchy, see Planning for Content Management in Configuration Manager.

Install and Configure the Distribution Point

You must designate a site system server as a distribution point before content can be made available to client computers. You can add the distribution point site role to a new site system server or add the site role to an existing site system server. Use the following procedure to add the distribution point site role to a new or existing site system server.

System_CAPS_security Security Note

You must have the following security permissions to create and configure a distribution point:

  • Read for the Distribution Point object

  • Copy to Distribution Point for the Distribution Point object

  • Modify for the Site object

  • Manage Certificates for Operating System Deployment for the Site object

To install and configure the distribution point site role on a site system server

  1. In the Configuration Manager console, click Administration.

  2. In the Administration workspace, expand Site Configuration, and then click Servers and Site System Roles.

  3. Add the distribution point site system role to a new or existing site system server by using the associated step:

    Note

    For more information about installing site system roles, see Install and Configure Site System Roles for Configuration Manager.

    - **New site system server**: On the **Home** tab, in the **Create** group, click **Create Site System Server**. The Create Site System Server Wizard opens.
    
    - **Existing site system server**: Click the server in which you want to install the distribution point site system role. When you click a server, a list of the site system roles that are already installed on the server are displayed in the results pane.
    
      On the **Home** tab, in the **Server** group, click **Add Site System Role**. The Add Site System Roles Wizard opens.
    
  4. On the General page, specify the general settings for the site system server. When you add the distribution point to an existing site system server, verify the values that were previously configured.

  5. On the System Role Selection page, select Distribution point from the list of available roles, and then click Next.

  6. Configure the distribution point settings on the following pages of the wizard:

    - **Distribution Point** page
    
      Configure the general distribution point settings.
    
        - **Install and configure IIS if required by Configuration Manager**: Select this setting to let Configuration Manager install and configure Internet Information Services (IIS) on the server if it is not already installed. IIS must be installed on all distribution points. If IIS is not installed on the server and you do not select this setting, you must install IIS before the distribution point can be installed successfully.
    
        - Configure how client devices communicate with the distribution point. There are advantages and disadvantages for using HTTP and HTTPS. For more information, see [Security Best Practices for Content Management](gg699360\(v=technet.10\).md) section in the [Security and Privacy for Content Management in Configuration Manager](gg699360\(v=technet.10\).md) topic.
    
          For more information about client communication to the distribution point and other site systems, see the [Planning for Client Communications in Configuration Manager](https://go.microsoft.com/fwlink/?linkid=234538) section in the [Planning for Communications in Configuration Manager](gg712701\(v=technet.10\).md) topic.
    
        - **Allow clients to connect anonymously**: This setting specifies whether the distribution point will allow anonymous connections from Configuration Manager clients to the content library.
    
          <div class="alert">
    
    
          > [!IMPORTANT]
          > <P>When you deploy a Windows Installer application on a Configuration Manager client, Configuration Manager downloads the file to the local cache on the client and the files are eventually removed after the installation completes. The Configuration Manager client updates the Windows Installer source list for the installed Windows Installer applications with the content path for the content library on associated distribution points. Later, if you start the repair action from Add/Remove Programs on a Configuration Manager client, MSIExec attempts to access the content path by using an anonymous user. You must select the <STRONG>Allow clients to connect anonymously</STRONG> setting or the repair fails for clients.</P>
          > <P>You must always select the <STRONG>Allow clients to connect anonymously</STRONG> setting for Windows XP clients. For all other operating systems, you can install the update and modify a registry key described in Microsoft Knowledge Base article <A href="https://go.microsoft.com/fwlink/?linkid=279699">2619572</A>. After the update is installed on the clients, MSIExec will access the content path by using the logged on user account when you do not select the <STRONG>Allow clients to connect anonymously</STRONG> setting.</P>
    
    
          </div>
    
        - Create a self-signed certificate or import a public key infrastructure (PKI) client certificate for the distribution point. The certificate has the following purposes:
    
            - It authenticates the distribution point to a management point before the distribution point sends status messages.
    
            - When you select **Enable PXE support for clients** check box on the **PXE Settings** page, the certificate is sent to computers that perform a PXE boot so that they can connect to a management point during the deployment of the operating system.
    
          When all your management points in the site are configured for HTTP, create a self-signed certificate. When your management points are configured for HTTPS, import a PKI client certificate.
    
          To import the certificate, browse to a Public Key Cryptography Standard (PKCS \#12) file that contains a PKI certificate with the following requirements for Configuration Manager:
    
            - Intended use must include client authentication.
    
            - The private key must be enabled to be exported.
    
          <div class="alert">
    
    
          > [!NOTE]
          > <P>There are no specific requirements for the certificate subject or subject alternative name (SAN), and you can use the same certificate for multiple distribution points.</P>
    
    
          </div>
    
          For more information about the certificate requirements, see [PKI Certificate Requirements for Configuration Manager](gg699362\(v=technet.10\).md).
    
          For an example deployment of this certificate, see the [Deploying the Client Certificate for Distribution Points](gg682023\(v=technet.10\).md) section in the [Step-by-Step Example Deployment of the PKI Certificates for Configuration Manager: Windows Server 2008 Certification Authority](gg682023\(v=technet.10\).md) topic.
    
        - **Enable this distribution point for prestaged content**: Select this setting to enable the distribution point for prestaged content. When this setting is selected, you can configure distribution behavior when you distribute content. You can choose whether you always want to prestage the content on the distribution point, prestage the initial content for the package, but use the normal content distribution process when there are updates to the content, or always use the normal content distribution process for the content in the package.
    
    - **Drive Settings** page
    
      Specify the drive settings for the distribution point. You can configure up to two disk drives for the content library and two disk drives for the package share, although System Center 2012 Configuration Manager can use additional drives when the first two reach the configured drive space reserve. The **Drive Settings** page configures the priority for the disk drives and the amount of free disk space that remains on each disk drive.
    
        - **Drive space reserve (MB)**: The value that you configure for this setting determines the amount of free space on a drive before Configuration Manager chooses a different drive and continues the copy process to that drive. Content files can span multiple drives.
    
        - **Content Locations**: Specify the content locations for the content library and package share. Configuration Manager copies content to the primary content location until the amount of free space reaches the value specified for **Drive space reserve (MB)**. By default, the content locations are set to **Automatic**. The primary content location is set to the disk drive that has the most disk space at installation, and the secondary location is assigned to the disk drive that has the second most free disk space. When the primary and secondary drives reach the drive space reserve, Configuration Manager selects another available drive with the most free disk space and continues the copy process.
    
      <div class="alert">
    
    
      > [!NOTE]
      > <P>To prevent Configuration Manager from installing on a specific drive, create an empty file named <STRONG>no_sms_on_drive.sms</STRONG> and copy it to the root folder of the drive before you install the distribution point.</P>
    
    
      </div>
    
    - **Pull Distribution Point** page
    
      For System Center 2012 Configuration Manager SP1 and later:
    
      Configure the distribution point to be a pull-distribution point by selecting **Enable this distribution point to pull content from other distribution points**.
    
        - Click **Add**, and then select one or more of the available distribution points to be source distribution points..
    
        - Click **Remove** to remove the selected distribution point as a source distribution point.
    
        - Use the arrow buttons to adjust the order in which the source distribution points are contacted by the pull-distribution point when the pull-distribution point attempts to transfer content. Distribution points with the lowest value are contacted first.
    
    - **PXE Settings** page
    
      Specify whether to enable PXE on the distribution point. When you enable PXE, Configuration Manager installs Windows Deployment Services on the server, if required. Windows Deployment Service is the service that performs the PXE boot to install operating systems. After you complete the wizard to create the distribution point, Configuration Manager installs a provider in Windows Deployment Services that uses the PXE boot functions.
    
      When you select **Enable PXE support for clients**, configure the following settings:
    
        - **Allow this distribution point to respond to incoming PXE requests**: Specifies whether to enable Windows Deployment Services so that it responds to PXE service requests. Use this check box to enable and disable the service without removing the PXE functionality from the distribution point.
    
        - **Enable unknown computer support**: Specify whether to enable support for computers that are not managed by Configuration Manager.
    
        - **Require a password when computers use PXE**: To provide additional security for your PXE deployments, specify a strong password.
    
        - **User device affinity**: Specify how you want the distribution point to associate users with the destination computer for PXE deployments. Select one of the following options:
    
            - **Allow user device affinity with auto-approval**: Select this setting to automatically associate users with the destination computer without waiting for approval.
    
            - **Allow user device affinity pending administrator approval**: Select this setting to wait for approval from an administrative user before users are associated with the destination computer.
    
            - **Do not allow user device affinity**: Select this setting to specify that users are not associated with the destination computer.
    
          For more information about user device affinity, see [How to Associate Users with a Destination Computer](hh846243\(v=technet.10\).md).
    
        - **Network interfaces**: Specify that the distribution point responds to PXE requests from all network interfaces or from specific network interfaces. If the distribution point responds to specific network interface, you must provide the MAC address for each network interface.
    
        - **Specify the PXE server response delay (seconds)**: Specifies, in seconds, how long the delay is for the distribution point before it responds to computer requests when multiple PXE-enabled distribution points are used. By default, the Configuration Manager PXE service point responds first to network PXE requests.
    
      <div class="alert">
    
    
      > [!NOTE]
      > <P>You can use the PXE protocol to start operating system deployments to Configuration Manager client computers. Configuration Manager uses the PXE-enabled distribution point site role to initiate the operating system deployment process. The PXE-enabled distribution point must be configured to respond to PXE boot requests that Configuration Manager clients make on the network and then interact with Configuration Manager infrastructure to determine the appropriate deployment actions to take. For more information about using PXE to deploy operating systems in Configuration Manager, see <A href="gg681992(v=technet.10).md">Planning to Deploy Operating Systems in Configuration Manager</A>.</P>
    
    
      </div>
    
    - **Multicast** page
    
      Specify whether to enable multicast on the distribution point. When you enable multicast, Configuration Manager installs Windows Deployment Services on the server, if required.
    
      When you select the **Enable multicast to simultaneously send data to multiple clients** check box, configure the following settings:
    
        - **Multicast Connection Account**: Specify the account to use when you configure Configuration Manager database connections for multicast.
    
        - **Multicast address settings**: Specify the IP addresses used to send data to the destination computers. By default, the IP address is obtained from a DHCP server that is enabled to distribute multicast addresses. Depending on the network environment, you can specify a range of IP addresses between 239.0.0.0 and 239.255.255.255.
    
          <div class="alert">
    
    
          > [!IMPORTANT]
          > <P>The IP addresses that you configure must be accessible by the destination computers that request the operating system image. Verify that routers and firewalls allow for multicast traffic between the destination computer and the site server.</P>
    
    
          </div>
    
        - **UDP port range for multicast**: Specify the range of user datagram protocol (UDP) ports that are used to send data to the destination computers.
    
          <div class="alert">
    
    
          > [!IMPORTANT]
          > <P>The UDP ports must be accessible by the destination computers that request the operating system image. Verify that routers and firewalls allow for multicast traffic between the destination computer and the site server.</P>
    
    
          </div>
    
        - **Client transfer rate**: Select the transfer rate that is used to download data to the destination computers.
    
        - **Maximum clients**: Specify the maximum number of destination computers that can download the operating system from this distribution point.
    
        - **Enable scheduled multicast**: Specify how Configuration Manager controls when to start deploying operating systems to destination computers. When selected, configure the following options:
    
            - **Session start delay (minutes)**: Specify the number of minutes that Configuration Manager waits before it responds to the first deployment request.
    
            - **Minimum session size (clients)**: Specify how many requests must be received before Configuration Manager starts to deploy the operating system.
    
      <div class="alert">
    
    
      > [!NOTE]
      > <P>Multicast deployments conserve network bandwidth by simultaneously sending data to multiple Configuration Manager clients instead of sending a copy of the data to each client over a separate connection. For more information about using multicast for operating system deployment, see <A href="hh397406(v=technet.10).md">Planning a Multicast Strategy in Configuration Manager</A>.</P>
    
    
      </div>
    
    - **Content Validation** page
    
      Specify whether to set a schedule to validate the integrity of content files on the distribution point. When you enable content validation on a schedule, Configuration Manager starts the process at the scheduled time, and all content on the distribution point is verified. You can also configure the content validation priority. By default, the priority is set to **Lowest**.
    
      To view the results of the content validation process, in the **Monitoring** workspace, expand **Distribution Status**, and then click the **Content Status** node. The content for each package type (for example, Application, Software Update Package, and Boot Image) is displayed.
    
      <div class="alert">
    
    
      > [!WARNING]
      > <P>You specify the content validation schedule by using the local time for the computer, the schedule displays in the Configuration Manager console by using UTC.</P>
    
    
      </div>
    
    - **Boundary Group** page
    
      Manage the boundary groups for which this distribution point is assigned. You can associate boundary groups to a distribution point. During content deployment, clients must be in a boundary group associated with the distribution point to use it as a source location for content. You can select the **Allow clients to use this site system as a fallback source location for content** check box to let clients outside these boundary groups fall back and use the distribution point as a source location for content when no other distribution points are available.
    
      For more information about protected distribution points, see [Planning for Preferred Distribution Points and Fallback](gg712321\(v=technet.10\).md).
    

    After you complete the wizard, the distribution point site role is added to the site system server.

Modify the Distribution Point Configuration Settings

After the distribution point is installed, you can modify the configuration settings in the distribution point properties. In the properties, you can configure the settings that were available during the initial installation. You can also manage the distribution point groups that the distribution point is associated with, review the packages that are associated with the distribution point, schedule when content can transfer to the distribution point, and configure the rate limits to control the network bandwidth that is in use when transferring content.

To modify the distribution point properties

  1. In the Configuration Manager console, click Administration.

  2. In the Administration workspace, click Distribution Points, and then select the distribution point that you want to configure.

  3. On the Home tab, in the Properties group, click Properties.

  4. Configure the distribution point settings on the following tabs in the distribution point properties:

    - **General** tab
    
      Specify the following settings:
    
        - Configure how client devices communicate with the distribution point. There are advantages and disadvantages for using HTTP and HTTPS. For more information, see [Security Best Practices for Content Management](gg699360\(v=technet.10\).md) section in the [Security and Privacy for Content Management in Configuration Manager](gg699360\(v=technet.10\).md) topic.
    
          For more information about client communication to the distribution point and other site systems, see the [Planning for Client Communications in Configuration Manager](https://go.microsoft.com/fwlink/?linkid=234538) section in the [Planning for Communications in Configuration Manager](gg712701\(v=technet.10\).md) topic.
    
        - **Allow clients to connect anonymously**: This setting specifies whether the distribution point allows anonymous connections from Configuration Manager clients to the content library.
    
          <div class="alert">
    
    
          > [!IMPORTANT]
          > <P>When you deploy a Windows Installer application on a Configuration Manager client, Configuration Manager downloads the file to the local cache on the client and the files are eventually removed after the installation completes. The Configuration Manager client updates the Windows Installer source list for the installed Windows Installer applications with the content path for the content library on associated distribution points. Later, if you start the repair action from Add/Remove Programs on a Configuration Manager client, MSIExec attempts to access the content path by using an anonymous user. You must select the <STRONG>Allow clients to connect anonymously</STRONG> setting or the repair fails for clients.</P>
          > <P>You must always select the <STRONG>Allow clients to connect anonymously</STRONG> setting for Windows XP clients. For all other operating systems, you can install the update and modify a registry key described in Microsoft Knowledge Base article <A href="https://go.microsoft.com/fwlink/?linkid=279699">2619572</A>. After the update is installed on the clients, MSIExec will access the content path by using the logged on user account when you do not select the <STRONG>Allow clients to connect anonymously</STRONG> setting.</P>
    
    
          </div>
    
        - Create a self-signed certificate or import a PKI client certificate for the distribution point. The certificate has the following purposes:
    
            - It authenticates the distribution point to a management point before the distribution point sends status messages.
    
            - When **Enable PXE support for clients** is selected on the **PXE Settings** page, the certificate is sent to computers that perform a PXE boot so that they can connect to a management point during the deployment of the operating system.
    
          When all your management points in the site are configured for HTTP, create a self-signed certificate. When your management points are configured for HTTPS, import a PKI client certificate.
    
          To import the certificate, browse to a Public Key Cryptography Standard (PKCS \#12) file that contains a PKI certificate with the following requirements for Configuration Manager:
    
            - Intended use must include client authentication.
    
            - The private key must be enabled to be exported.
    
          <div class="alert">
    
    
          > [!NOTE]
          > <P>There are no specific requirements for the certificate subject or subject alternative name (SAN), and you can use the same certificate for multiple distribution points.</P>
    
    
          </div>
    
          For more information about the certificate requirements, see [PKI Certificate Requirements for Configuration Manager](gg699362\(v=technet.10\).md).
    
          For an example deployment of this certificate, see the [Deploying the Client Certificate for Distribution Points](gg682023\(v=technet.10\).md) section in the [Step-by-Step Example Deployment of the PKI Certificates for Configuration Manager: Windows Server 2008 Certification Authority](gg682023\(v=technet.10\).md) topic.
    
        - **Enable this distribution point for prestaged content**: Select this setting to enable the distribution point for prestaged content. When this setting is selected, you can configure distribution behavior when you distribute content. You can choose whether you always want to prestage the content on the distribution point, prestage the initial content for the package, but use the normal content distribution process when there are updates to the content, or always use the normal content distribution process for the content in the package.
    
    - **Pull Distribution Point** tab
    
      For System Center 2012 Configuration Manager SP1 and later:
    
      Configure the distribution point to be a pull-distribution point by selecting **Enable this distribution point to pull content from other distribution points**.
    
        - Click **Add**, and then select one or more of the available distribution points to be source distribution points..
    
        - Click **Remove** to remove the selected distribution point as a source distribution point.
    
        - Use the arrow buttons to adjust the order in which the source distribution points are contacted by the pull-distribution point when the pull-distribution point attempts to transfer content. Distribution points with the lowest value are contacted first.
    
    - **PXE** tab
    
      Specify whether to enable PXE on the distribution point. When you enable PXE, Configuration Manager installs Windows Deployment Services on the server, if required. Windows Deployment Service is the service that performs the PXE boot to install operating systems. After you complete the wizard to create the distribution point, Configuration Manager installs a provider in Windows Deployment Services that uses the PXE boot functions.
    
      When you select **Enable PXE support for clients**, configure the following settings:
    
        - **Allow this distribution point to respond to incoming PXE requests**: Specifies whether the PXE service point responds to computer requests. When you do not enable this setting, the PXE service point is installed but it is not activated.
    
        - **Enable unknown computer support**: Specify whether to enable support for unknown computers. Unknown computers are computers that are not managed by Configuration Manager.
    
        - **Require a password when computers use PXE**: Specify whether a password is required for clients to start the PXE boot.
    
        - **User device affinity**: Specifies the user device affinity behavior. Select one of the following options:
    
            - **Allow user device affinity with auto-approval**: Select this setting if you want to automatically associate users with the destination computer.
    
            - **Allow user device affinity pending administrator approval**: Select this setting if you want to associate users with the destination computer only after approval is granted.
    
            - **Do not allow user device affinity**: Select this setting if you do not want to associate users with the destination computer.
    
          For more information about user device affinity, see [How to Associate Users with a Destination Computer](hh846243\(v=technet.10\).md).
    
        - **Network interfaces**: Specify whether the distribution point responds to PXE requests on all network interfaces or whether it responds to PXE requests on only specific network interfaces.
    
        - **Specify the PXE server response delay (seconds)**: Specifies, in seconds, how long the delay is for the distribution point before it responds to computer requests when multiple PXE-enabled distribution points are used. By default, the Configuration Manager PXE service point responds first to network PXE requests.
    
      <div class="alert">
    
    
      > [!NOTE]
      > <P>You can use the PXE protocol to initiate operating system deployments to Configuration Manager client computers. Configuration Manager uses the PXE-enabled distribution point site role to start the operating system deployment process. The PXE-enabled distribution point must be configured to respond to PXE boot requests made by Configuration Manager clients on the network and then interact with Configuration Manager infrastructure to determine the appropriate deployment actions to take. For more information about using PXE to deploy operating systems in Configuration Manager, see <A href="gg681992(v=technet.10).md">Planning to Deploy Operating Systems in Configuration Manager</A>.</P>
    
    
      </div>
    
    - **Multicast** tab
    
      Specify whether to enable multicast on the distribution point. When you enable multicast, Configuration Manager installs Windows Deployment Services on the server, if required.
    
      When you select the **Enable multicast to simultaneously send data to multiple clients** check box, configure the following settings:
    
        - **Multicast Connection Account**: Specify the account to use when you configure Configuration Manager database connections for multicast.
    
        - **Multicast address settings**: Specify the IP addresses used to send data to the destination computers. By default, the IP address is obtained from a DHCP server that is enabled to distribute multicast addresses. Depending on the network environment, you can specify a range of IP addresses between 239.0.0.0 and 239.255.255.255.
    
          <div class="alert">
    
    
          > [!IMPORTANT]
          > <P>The IP addresses that you configure must be accessible by the destination computers that request the operating system image. Verify that routers and firewalls allow for multicast traffic between the destination computer and the site server.</P>
    
    
          </div>
    
        - **UDP port range for multicast**: Specify the range of user datagram protocol (UDP) ports used to send data to the destination computers.
    
          <div class="alert">
    
    
          > [!IMPORTANT]
          > <P>The UDP ports must be accessible by the destination computers that request the operating system image. Verify that routers and firewalls allow for multicast traffic between the destination computer and the site server.</P>
    
    
          </div>
    
        - **Client transfer rate**: Select the transfer rate used to download data to the destination computers.
    
        - **Maximum clients**: Specify the maximum number of destination computers that can download the operating system from this distribution point.
    
        - **Enable scheduled multicast**: Specify how Configuration Manager controls when to start deploying operating systems to destination computers. When selected, configure the following options:
    
            - **Session start delay (minutes)**: Specify the number of minutes that Configuration Manager waits before it responds to the first deployment request.
    
            - **Minimum session size (clients)**: Specify how many requests must be received before Configuration Manager starts to deploy the operating system.
    
          <div class="alert">
    
    
          > [!NOTE]
          > <P>Multicast deployments conserve network bandwidth by simultaneously sending data to multiple Configuration Manager clients rather than sending a copy of the data to each client over a separate connection. For more information about using multicast for operating system deployment, see <A href="hh397406(v=technet.10).md">Planning a Multicast Strategy in Configuration Manager</A>.</P>
    
    
          </div>
    
    - **Group Relationships** tab
    
      Manage the distribution point groups in which this distribution point is a member.
    
      To add this distribution point as a member to an existing a distribution point group, click **Add**. Select an existing distribution point group in the list in the **Add to Distribution Point Groups** dialog box, and then click **OK**.
    
      To remove this distribution point from a distribution point group, select the distribution point group in the list, and then click **Remove**.
    
    - **Content** tab
    
      Manage the content that has been distributed to the distribution point. The Deployment packages section provides a list of the packages distributed to this distribution point. You can select a package from the list and perform the following actions:
    
        - **Validate**: Starts the process to validate the integrity of the content files in the package. To view the results of the content validation process, in the **Monitoring** workspace, expand **Distribution Status**, and then click the **Content Status** node.
    
        - **Redistribute**: Copies all of the content files in the package to the distribution point, and overwrites the existing files. You typically use this operation to repair content files in the package.
    
        - **Remove**: Removes the content files from the distribution point for the package.
    
    - **Content Validation** tab
    
      Specify whether to set a schedule to validate the integrity of content files on the distribution point. When you enable content validation on a schedule, Configuration Manager starts the process at the scheduled time, and all content on the distribution point is verified. You can also configure the content validation priority. By default, the priority is set to **Lowest**.
    
      To view the results of the content validation process, in the **Monitoring** workspace, expand **Distribution Status**, and then click the **Content Status** node. The content for each package type (for example, Application, Software Update Package, and Boot Image) is displayed.
    
      <div class="alert">
    
    
      > [!WARNING]
      > <P>You specify the content validation schedule by using the local time for the computer, the schedule displays in the Configuration Manager console by using UTC.</P>
    
    
      </div>
    
    - **Boundary Groups** tab
    
      Manage the boundary groups for which this distribution point is assigned. The distribution point is considered protected for the clients that are within the boundaries associated with the boundary group. During a content deployment, only the clients that are in an assigned boundary group can use the distribution point as a content location source. You can select the **Allow a client outside these boundary groups to fall back and use this site system as a source location for content** check box to let clients not in the assigned boundary groups use the distribution point if a protected distribution point is not available to the client.
    
      For more information about protected distribution points, see [Planning for Preferred Distribution Points and Fallback](gg712321\(v=technet.10\).md).
    
    - **Schedule** tab
    
      <div class="alert">
    
    
      > [!TIP]
      > <P>This tab is only available when you edit the properties for a distribution point that is remote from the site server computer.</P>
    
    
      </div>
    
      Specify whether to configure a schedule that restricts when Configuration Manager can transfer data to the distribution point.
    
      <div class="alert">
    
    
      > [!IMPORTANT]
      > <P>The schedule is based on the time zone from the sending site, not the distribution point.</P>
    
    
      </div>
    
      To restrict data, select the time period and then select one of the following settings for **Availability**:
    
        - **Open for all priorities**: Specifies that Configuration Manager sends data to the distribution point with no restrictions.
    
        - **Allow medium and high priority**: Specifies that Configuration Manager sends only medium and high priority data to the distribution point.
    
        - **Allow high priority only**: Specifies that Configuration Manager sends only high priority data to the distribution point.
    
        - **Closed**: Specifies that Configuration Manager does not send any data to the distribution point.
    
      You can restrict data by priority or close the connection for selected time periods.
    
    - **Rate Limits** tab
    
      <div class="alert">
    
    
      > [!TIP]
      > <P>This tab is only available when you edit the properties for a distribution point that is remote from the site server computer.</P>
    
    
      </div>
    
      Specify whether to configure rate limits to control the network bandwidth that is in use when transferring content to the distribution point. You can choose from the following options:
    
        - **Unlimited when sending to this destination**: Specifies that Configuration Manager sends content to the distribution point with no rate limit restrictions.
    
        - **Pulse mode**: Specifies the size of the data blocks that are sent to the distribution point. You can also specify a time delay between sending each data block. Use this option when you must send data across a very low bandwidth network connection to the distribution point. For example, you might have constraints to send 1 KB of data every five seconds, regardless of the speed of the link or its usage at a given time.
    
        - **Limited to specified maximum transfer rates by hour**: Specify this setting to have a site send data to a distribution point by using only the percentage of time that you configure. When you use this option, Configuration Manager does not identify the networks available bandwidth, but instead divides the time it can send data into slices of time. Then data is sent for a short block of time, which is followed by blocks of time when data is not sent. For example, if the maximum rate is set to **50%**, Configuration Manager transmits data for a period of time followed by an equal period of time when no data is sent. The actual size amount of data, or size of the data block, is not managed. Instead, only the amount of time during which data is sent is managed.
    

Create and Configure Distribution Point Groups

Distribution point groups provide a logical grouping of distribution points and collections for content distribution. You can add one or more distribution points from any site in the Configuration Manager hierarchy to the distribution point group. You can also add the distribution point to more than one distribution point group so that you can manage and monitor content from a central location for distribution points that span multiple sites. When you distribute content to a distribution point group, all distribution points that are members of the distribution point group receive the content. When a new distribution point is added to a distribution point group, it receives all content that has been previously distributed to it. You can also associate collections to the distribution point group. When you distribute content, you can target a collection and the distribution points that are members of all distribution point groups with an association to the collection to receive the content.

Important

After you distribute content to a collection, and then associate the collection to a new distribution point group, you must redistribute the content to the collection before the content is distributed to the new distribution point group.

To create and configure a new distribution point group

  1. In the Configuration Manager console, click Administration.

  2. In the Administration workspace, click Distribution Point Groups.

  3. On the Home tab, in the Create group, click Create Group.

  4. Enter the name and description for the distribution point group.

  5. On the Collections tab, click Add, select the collections that you want to associate with the distribution point group, and then click OK.

  6. On the Members tab, click Add, select the distribution points that you want to add as members of the distribution point group, and then click OK.

  7. Click OK to create the distribution point group.

To add distribution points and associate collections to an existing distribution point group

  1. In the Configuration Manager console, click Administration.

  2. In the Administration workspace, click Distribution Point Groups, and then select the distribution point group in which you want to modify members.

  3. On the Home tab, in the Properties group, click Properties.

  4. On the Collections tab, click Add to select the collections that you want to associate with the distribution point group, and then click OK.

  5. On the Members tab, click Add to select the distribution points that you want to add as members of the distribution point group, and then click OK.

  6. Click OK to save changes to the distribution point group.

To add selected distribution points to a new distribution point group

  1. In the Configuration Manager console, click Administration.

  2. In the Administration workspace, click Distribution Points, and then select the distribution points that you want to add to the new distribution point group.

  3. On the Home tab, in the Distribution Point group, expand Add Selected Items, and then click Add Selected Items to New Distribution Point Group.

  4. Enter the name and description for the distribution point group.

  5. On the Collections tab, click Add to select the collections that you want to associate with the distribution point group, and then click OK.

  6. On the Members tab, verify that you want Configuration Manager to add the listed distribution points as members of the distribution point group. Click Add to modify the distribution points that you want to add as members of the distribution point group, and then click OK.

  7. Click OK to create the distribution point group.

To add selected distribution points to existing distribution point groups

  1. In the Configuration Manager console, click Administration.

  2. In the Administration workspace, click Distribution Points, and then select the distribution points that you want to add to the new distribution point group.

  3. On the Home tab, in the Distribution Point group, expand Add Selected Items, and then click Add Selected Items to Existing Distribution Point Groups.

  4. In the Available distribution point groups, select the distribution point groups to which the selected distribution points are added as members, and then click OK.

Configure the Network Access Account

Client computers use the Network Access Account when they cannot use their local computer account to access content on distribution points; for example, this applies to workgroup clients and computers from untrusted domains. This account might also be used during operating system deployment when the computer installing the operating system does not yet have a computer account on the domain.

Note

Clients only use the Network Access Account for accessing resources on the network.

Grant this account the minimum appropriate permissions to access the software for the content that the client requires. The account must have the Access this computer from the network right on the distribution point. Prior to System Center 2012 R2 Configuration Manager you can create only one Network Access Account per site and this account must function for all packages and task sequences for which it is required. Beginning with System Center 2012 R2 Configuration Manager you can configure multiple accounts for use as a Network Access Account at each site. For more information about using Network Access Accounts, see the Manage Accounts to Access Package Content section in the Operations and Maintenance for Content Management in Configuration Manager topic.

Warning

When Configuration Manager tries to use the computername$ account to download the content and it fails, it automatically tries the Network Access Account again, even if it has previously tried and failed.

Create the account in any domain that provides the necessary access to resources. The Network Access Account must always include a domain name. Pass-through security is not supported for this account. If you have distribution points in multiple domains, create the account in a trusted domain.

Tip

To avoid account lockouts, do not change the password on an existing Network Access Account. Instead, create a new account and configure the new account in Configuration Manager. When sufficient time has passed for all clients to have received the new account details, remove the old account from the network shared folders and delete the account.

System_CAPS_security Security Note

Do not grant this account interactive logon rights.

Do not grant this account the right to join computers to the domain. If you must join computers to the domain during a task sequence, use the Task Sequence Editor Domain Joining Account.

Use the following procedure to configure the Network Access Account.

Note

You cannot configure the Network Access Account on a central administration site.

To configure the Network Access Account

  1. In the Configuration Manager console, click Administration.

  2. In the Administration workspace, expand Site Configuration, click Sites, and then select the site.

  3. On the Settings group, click Configure Site Components, and then click Software Distribution.

  4. Click the Network Access Account tab. If you use System Center 2012 Configuration Manager with no service pack or with SP1, configure the account, and then click OK. Beginning with System Center 2012 R2 Configuration Manager, configure one or more accounts and then click OK.