I did get something working with PS and a CI but then MS developers comeback
and suggest not planning on what we used as it may not be available in future
releases. I queried WMI and got the boundary group cache IDs. Made a boundary
groups for BITS throttling and targeted that.
Compliance script:
$ThrottledID = "16777375"
$BoundaryGroups = Get-WmiObject -Namespace ROOT\ccm\LocationServices -class
BoundaryGroupCache | select -ExpandProperty BoundaryGroupIDs
$bitsenable = Get-ItemProperty "HKLM:\SOFTWARE\Policies\Microsoft\Windows\BITS"
-Name EnableBitsMaxBandwidth | select -ExpandProperty EnableBitsMaxBandwidth
If (($boundarygroups -contains $ThrottledID) -and ($bitsenable -eq "0"))
{
$compliance = "false"
}
ElseIf (($boundarygroups -notcontains $ThrottledID) -and ($bitsenable -eq "1"))
{
$compliance = "false"
}
Else
{
$compliance = "true"
}
$compliance
Remediation script:
$bitsenable = Get-ItemProperty "HKLM:\SOFTWARE\Policies\Microsoft\Windows\BITS"
-Name EnableBitsMaxBandwidth | select -ExpandProperty EnableBitsMaxBandwidth
If ($bitsenable -eq "0")
{
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\BITS' -name
EnableBITSMaxBandwidth -value 1 -Force
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\BITS' -name
MaxBandwidthValidFrom -value 6 -Force
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\BITS' -name
MaxBandwidthValidTo -value 18 -Force
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\BITS' -name
MaxTransferRateOffSchedule -value 80 -Force
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\BITS' -name
MaxTransferRateOnSchedule -value 40 -Force
}
Else
{
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\BITS' -name
EnableBITSMaxBandwidth -value 0 -Force
}
Michael Schultz
Client Systems Engineering
Information Systems
Providence Health & Services
[email protected]<mailto:[email protected]>
From: [email protected] [mailto:[email protected]] On
Behalf Of Sherry Kissinger
Sent: Monday, November 28, 2016 1:56 PM
To: [email protected]
Subject: Re: [mssms] BITS set via DCM off boundary, IP, or subnet
"maybe boundary now that clients hold that info" if you can query that locally
on a client (I didn't look for where that is)...
I've never done anything like you've mentioned, but you *could* do something
like...
an "application" configuration Item where...
The "application exists" based on a script, and you write a script which
spits out any results *if* the client can respond with "maybe boundary now that
clients hold that info" -- where the boundary you are looking for is "Boundary
X". When it's Boundary X, then the "application" is installed <wink> so the
ConfigItem continues on the inside and runs the detection logic script, and if
you've enabled the CI to do so, the remediation script to "apply BITS settings".
What you MAY want to do is have more CIs where the boundary is "these other
ones"; and sets the BITS settings back to normal (whatever normal means to
you). In case machines travel around. by using the "only deserved if the
'application' is installed in the baseline logic, you can target a large
collection, and that client figures out locally if it deserves whatever-it-is,
instead of having the collection logic do that.
The above is one way to do it. Another way is what you're already doing--the
collection does the 'who deserves this'. Another way would be to do something
similar using Application deployment logic--craft a custom Global Condition
that'll spit out the Boundary that the client knows--and have multiple
Deployment Types for each boundary; to set the BITS settings for each one.
Another way (slightly old skool); have a task sequence with multiple steps, and
the targets have to do a wmi evaluation logic on a step to see if it deserves
to run that 'step' of the TS. Lots of ways to get to your end goal; you just
need to work out which one makes the most sense for you.
Another way--why thousands of boundaries? simplify! We have 300k+ clients,
and have a total of 18 boundaries. It's all IP ranges--covering 0.0.0.0
through 255.255.255.254 We used to have fewer than that, but we had to
rebalance client counts and had to split up boundaries in slightly awkward
ways. 18 feels like a lot to us.
On Mon, Nov 28, 2016 at 2:42 PM, Schultz, Michael A
<[email protected]<mailto:[email protected]>> wrote:
We are looking at using compliance settings to apply BITS settings to machines
based on a machine’s subnet or maybe boundary now that clients hold that info.
Has anyone done anything similar? We are currently using client settings but
it involves populating collections based off IP subnet (boundary) and with
almost 100k clients and over a thousand boundaries, it is nightmare.
Michael Schultz
Client Systems Engineering
Information Systems
Providence Health & Services
[email protected]<mailto:[email protected]>
________________________________
This message is intended for the sole use of the addressee, and may contain
information that is privileged, confidential and exempt from disclosure under
applicable law. If you are not the addressee you are hereby notified that you
may not use, copy, disclose, or distribute to anyone the message or any
information contained in the message. If you have received this message in
error, please immediately advise the sender by reply email and delete this
message.
--
Thank you,
Sherry Kissinger
My Parameters: Standardize. Simplify. Automate
Blogs:
http://www.mofmaster.com<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.mofmaster.com&data=01%7C01%7Cmichael.schultz%40providence.org%7C91c57ca1d55c4863e39308d417da4f93%7C2e3190869a2646a3865f615bed576786%7C1&sdata=MeadVNk5pYUBV0ddfGsOufuXjd%2BNQKwSftth6olckYw%3D&reserved=0>,
http://mnscug.org/blogs/sherry-kissinger<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fmnscug.org%2Fblogs%2Fsherry-kissinger&data=01%7C01%7Cmichael.schultz%40providence.org%7C91c57ca1d55c4863e39308d417da4f93%7C2e3190869a2646a3865f615bed576786%7C1&sdata=lvQt88cZn7cagaopHUdJ6V%2BlJBwnTZ%2BFHBIhsn8PwWA%3D&reserved=0>,
http://www.smguru.org<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.smguru.org&data=01%7C01%7Cmichael.schultz%40providence.org%7C91c57ca1d55c4863e39308d417da4f93%7C2e3190869a2646a3865f615bed576786%7C1&sdata=ilPIvPpb2RxXdcZoqULuwhp1l%2Fc04mTf%2BIr0RKvo5oY%3D&reserved=0>
________________________________
This message is intended for the sole use of the addressee, and may contain
information that is privileged, confidential and exempt from disclosure under
applicable law. If you are not the addressee you are hereby notified that you
may not use, copy, disclose, or distribute to anyone the message or any
information contained in the message. If you have received this message in
error, please immediately advise the sender by reply email and delete this
message.
