{"id":47,"date":"2017-09-01T18:06:14","date_gmt":"2017-09-01T18:06:14","guid":{"rendered":"http:\/\/michaelschultz.net\/tech\/?p=47"},"modified":"2018-06-28T21:47:31","modified_gmt":"2018-06-28T21:47:31","slug":"using-sccm-compliance-settings-and-a-boundary-group-to-apply-bits-settings","status":"publish","type":"post","link":"https:\/\/michaelschultz.net\/tech\/using-sccm-compliance-settings-and-a-boundary-group-to-apply-bits-settings\/","title":{"rendered":"Using ConfigMgr Compliance Settings and a Boundary Group to Apply BITS Settings"},"content":{"rendered":"

The solution here makes use of a boundary group to determine if a SCCM client should use BITS to control content transfers and compliance settings set the BITS settings.\u00a0 With SCCM build 1610, the boundary group IDs a client is associated with are store in WMI.\u00a0 Using PowerShell, we are able to look at the boundary group ID and use it to help set BITS settings.\u00a0 Fair warning with this solution.\u00a0 While the boundary group ID is currently stored in WMI, I have been informed by Microsoft that this information isn\u2019t meant to be customer facing and may go away in future SCCM builds, but it is something that is current available.<\/p>\n

I am going to just cover the compliance item\u2019s discovery script, compliance script, and compliance rule.\u00a0 If you need help with how to create the configuration item, configuration baseline, and deploying the baseline, I suggest starting with the System Center Configuration Manager Documentation site at https:\/\/docs.microsoft.com\/en-us\/sccm\/<\/p>\n

The first step is to create a boundary group for applying BITS settings.\u00a0 For me, I named it SCCM – BITS Enabled Boundaries.\u00a0 I then add all the boundaries that need to have the SCCM clients utilitze BITS.<\/p>\n

Once I have the boundary group created, I need to get the GroupID as it is needed as part of the compliance settings scripts.\u00a0 I do this using SQL to query the SCCM database for the GroupID.<\/p>\n

SELECT<\/span> GroupID ,<\/span>Name
\nFROM<\/span> vSMS_BoundaryGroup
\nWHERE<\/span> Name =<\/span> 'SCCM - BITS Enabled Boundaries'<\/span><\/div><\/div>\n

Let’s say the results from SQL shows the GroupID as 12345678 for my environment.<\/p>\n

Now that I have the GroupID, I can work on the PowerShell scripts.\u00a0 The first is the discovery script.<\/p>\n

I set the GroupID as a variable<\/p>\n

$ThrottledID<\/span> =<\/span> "12345678"<\/span><\/div><\/div>\n

Next, I query WMI get the boundary group IDs for the client and set it as a variable.<\/p>\n

$BoundaryGroups<\/span> =<\/span> Get-WmiObject<\/span> -Namespace<\/span> ROOT\\ccm\\LocationServices -class<\/span> BoundaryGroupCache |<\/span> select<\/span> -ExpandProperty<\/span> BoundaryGroupIDs<\/div><\/div>\n

I then query the registry to determine if BITS is or is not enabled and set that as a variable.<\/p>\n

$bitsenable<\/span> =<\/span> Get-ItemProperty<\/span> "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\BITS"<\/span> -Name<\/span> EnableBitsMaxBandwidth |<\/span> select<\/span> -ExpandProperty<\/span> EnableBitsMaxBandwidth<\/div><\/div>\n

Finally, I determine if the client is in the BITS boundary group and set a compliance variable.<\/p>\n

If<\/span> (<\/span>(<\/span>$boundarygroups<\/span> -contains<\/span> $ThrottledID<\/span>)<\/span> -and<\/span> (<\/span>$bitsenable<\/span> -eq<\/span> "0"<\/span>)<\/span>)<\/span>
\n{<\/span>
\n$compliance<\/span> =<\/span> "false"<\/span>
\n}<\/span>
\nElseIf<\/span> (<\/span>(<\/span>$boundarygroups<\/span> -notcontains<\/span> $ThrottledID<\/span>)<\/span> -and<\/span> (<\/span>$bitsenable<\/span> -eq<\/span> "1"<\/span>)<\/span>)<\/span>
\n{<\/span>
\n$compliance<\/span> =<\/span> "false"<\/span>
\n}<\/span>
\nElse<\/span>
\n{<\/span>
\n$compliance<\/span> =<\/span> "true"<\/span>
\n}<\/span>
\n$compliance<\/div><\/div>\n

When setting the compliance rule for the compliance setting, it is set to The value returned by the specified script: Equals true.<\/p>\n

Now it is time to do the remediation script.<\/p>\n

I set variables for the GroupID, boundary groups IDs of the client, and whether BITS is currently enabled or disabled.<\/p>\n

$ThrottledID<\/span> =<\/span> "12345678"<\/span>
\n
\n$BoundaryGroups<\/span> =<\/span> Get-WmiObject<\/span> -Namespace<\/span> ROOT\\ccm\\LocationServices -class<\/span> BoundaryGroupCache |<\/span> select<\/span> -ExpandProperty<\/span> BoundaryGroupIDs
\n
\n$bitsenable<\/span> =<\/span> Get-ItemProperty<\/span> "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\BITS"<\/span> -Name<\/span> EnableBitsMaxBandwidth |<\/span> select<\/span> -ExpandProperty<\/span> EnableBitsMaxBandwidth<\/div><\/div>\n

Once the variables are set, I configure the client\u2019s BITS settings.\u00a0 I enable or disable BITS based of the boundary group membership as well as set specific registry settings for BITS settings when BITS is needed.\u00a0 These settings are based off needs in my environment. More information on the BITS registry settings can be found at https:\/\/technet.microsoft.com\/en-us\/library\/bb457145.aspx<\/p>\n

I also stop and start the BITS service.<\/p>\n

If<\/span> (<\/span>(<\/span>$boundarygroups<\/span> -contains<\/span> $ThrottledID<\/span>)<\/span> -and<\/span> (<\/span>$bitsenable<\/span> -eq<\/span> "0"<\/span>)<\/span>)<\/span>
\n{<\/span>
\nSet-ItemProperty<\/span> -path<\/span> 'HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\BITS'<\/span> -name<\/span> EnableBITSMaxBandwidth -value<\/span> 1<\/span> -Force<\/span>
\nSet-ItemProperty<\/span> -path<\/span> 'HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\BITS'<\/span> -name<\/span> MaxBandwidthValidFrom -value<\/span> 6<\/span> -Force<\/span>
\nSet-ItemProperty<\/span> -path<\/span> 'HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\BITS'<\/span> -name<\/span> MaxBandwidthValidTo -value<\/span> 18<\/span> -Force<\/span>
\nSet-ItemProperty<\/span> -path<\/span> 'HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\BITS'<\/span> -name<\/span> MaxTransferRateOffSchedule -value<\/span> 80<\/span> -Force<\/span>
\nSet-ItemProperty<\/span> -path<\/span> 'HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\BITS'<\/span> -name<\/span> MaxTransferRateOnSchedule -value<\/span> 40<\/span> -Force<\/span>
\n
\nStop-Service<\/span> BITS
\nStart-Service<\/span> BITS
\n}<\/span>
\nElseIf<\/span> (<\/span>(<\/span>$boundarygroups<\/span> -notcontains<\/span> $ThrottledID<\/span>)<\/span> -and<\/span> (<\/span>$bitsenable<\/span> -eq<\/span> "1"<\/span>)<\/span>)<\/span>
\n{<\/span>
\nSet-ItemProperty<\/span> -path<\/span> 'HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\BITS'<\/span> -name<\/span> EnableBITSMaxBandwidth -value<\/span> 0<\/span> -Force<\/span>
\nSet-ItemProperty<\/span> -path<\/span> 'HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\BITS'<\/span> -name<\/span> MaxTransferRateOffSchedule -value<\/span> 9999<\/span> -Force<\/span>
\nSet-ItemProperty<\/span> -path<\/span> 'HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\BITS'<\/span> -name<\/span> MaxTransferRateOnSchedule -value<\/span> 9999<\/span> -Force<\/span>
\n
\nStop-Service<\/span> BITS
\nStart-Service<\/span> BITS
\n}<\/span>
\nElse<\/span>
\n{<\/span>
\n}<\/span><\/div><\/div>\n","protected":false},"excerpt":{"rendered":"

The solution here makes use of a boundary group to determine if a SCCM client should use BITS to control content transfers and compliance settings set the BITS settings.\u00a0 With SCCM build 1610, the boundary group IDs a client is associated with are store in WMI.\u00a0 Using PowerShell, we are able to look at the … Continue reading “Using ConfigMgr Compliance Settings and a Boundary Group to Apply BITS Settings”<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"nf_dc_page":"","jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[5,4],"tags":[10,9,7,8,11],"class_list":["post-47","post","type-post","status-publish","format-standard","hentry","category-dcm","category-configmgr","tag-boundaries","tag-compliance-settings","tag-configmgr","tag-dcm","tag-powershell"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p98a2r-L","post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/michaelschultz.net\/tech\/wp-json\/wp\/v2\/posts\/47","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/michaelschultz.net\/tech\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/michaelschultz.net\/tech\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/michaelschultz.net\/tech\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/michaelschultz.net\/tech\/wp-json\/wp\/v2\/comments?post=47"}],"version-history":[{"count":8,"href":"https:\/\/michaelschultz.net\/tech\/wp-json\/wp\/v2\/posts\/47\/revisions"}],"predecessor-version":[{"id":187,"href":"https:\/\/michaelschultz.net\/tech\/wp-json\/wp\/v2\/posts\/47\/revisions\/187"}],"wp:attachment":[{"href":"https:\/\/michaelschultz.net\/tech\/wp-json\/wp\/v2\/media?parent=47"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/michaelschultz.net\/tech\/wp-json\/wp\/v2\/categories?post=47"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/michaelschultz.net\/tech\/wp-json\/wp\/v2\/tags?post=47"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}