Using ConfigMgr Compliance Settings and a Boundary Group to Apply BITS Settings

The solution here makes use of a boundary group to determine if a SCCM client should use BITS to control content transfers and compliance settings set the BITS settings.  With SCCM build 1610, the boundary group IDs a client is associated with are store in WMI.  Using PowerShell, we are able to look at the boundary group ID and use it to help set BITS settings.  Fair warning with this solution.  While the boundary group ID is currently stored in WMI, I have been informed by Microsoft that this information isn’t meant to be customer facing and may go away in future SCCM builds, but it is something that is current available.

I am going to just cover the compliance item’s discovery script, compliance script, and compliance rule.  If you need help with how to create the configuration item, configuration baseline, and deploying the baseline, I suggest starting with the System Center Configuration Manager Documentation site at https://docs.microsoft.com/en-us/sccm/

The first step is to create a boundary group for applying BITS settings.  For me, I named it SCCM – BITS Enabled Boundaries.  I then add all the boundaries that need to have the SCCM clients utilitze BITS.

Once I have the boundary group created, I need to get the GroupID as it is needed as part of the compliance settings scripts.  I do this using SQL to query the SCCM database for the GroupID.

Let’s say the results from SQL shows the GroupID as 12345678 for my environment.

Now that I have the GroupID, I can work on the PowerShell scripts.  The first is the discovery script.

I set the GroupID as a variable

Next, I query WMI get the boundary group IDs for the client and set it as a variable.

I then query the registry to determine if BITS is or is not enabled and set that as a variable.

Finally, I determine if the client is in the BITS boundary group and set a compliance variable.

When setting the compliance rule for the compliance setting, it is set to The value returned by the specified script: Equals true.

Now it is time to do the remediation script.

I set variables for the GroupID, boundary groups IDs of the client, and whether BITS is currently enabled or disabled.

Once the variables are set, I configure the client’s BITS settings.  I enable or disable BITS based of the boundary group membership as well as set specific registry settings for BITS settings when BITS is needed.  These settings are based off needs in my environment. More information on the BITS registry settings can be found at https://technet.microsoft.com/en-us/library/bb457145.aspx

I also stop and start the BITS service.