Are you looking to use BranchCache anytime in the future? If so, then use the 
more modern windows 7 policies and not that ol’d XP stuff. (Or maybe you still 
got XP as you are in healthcare?)

We set BITS policy “on the fly” and moved away from direct registry pokes as it 
is only read when the svc starts, this changed somewhat with Windows 10 where 
they have a more registry based policy. So we set the local policy object 
instead, but that is hard to do from PS. So keep that in mind if you are 
looking to make it a bit more dynamic, but for a fire and forget kind of policy 
you should be good.

Also, remember that some BITS jobs don’t like to be throttled, like OAB etc. If 
they don’t complete in a “somewhat short time” another job will be created.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Schultz, Michael A
Sent: den 29 november 2016 22:38
To: mssms@lists.myitforum.com
Subject: RE: [mssms] BITS set via DCM off boundary, IP, or subnet

I did get something working with PS and a CI but then MS developers comeback 
and suggest not planning on what we used as it may not be available in future 
releases.  I queried WMI and got the boundary group cache IDs.  Made a boundary 
groups for BITS throttling and targeted that.

Compliance script:
$ThrottledID = "16777375"
$BoundaryGroups = Get-WmiObject -Namespace ROOT\ccm\LocationServices -class 
BoundaryGroupCache | select -ExpandProperty BoundaryGroupIDs
$bitsenable = Get-ItemProperty "HKLM:\SOFTWARE\Policies\Microsoft\Windows\BITS" 
-Name EnableBitsMaxBandwidth | select -ExpandProperty EnableBitsMaxBandwidth

If (($boundarygroups -contains $ThrottledID) -and ($bitsenable -eq "0"))
{
$compliance = "false"
}
ElseIf (($boundarygroups -notcontains $ThrottledID) -and ($bitsenable -eq "1"))
{
$compliance = "false"
}
Else
{
$compliance = "true"
}
$compliance

Remediation script:
$bitsenable = Get-ItemProperty "HKLM:\SOFTWARE\Policies\Microsoft\Windows\BITS" 
-Name EnableBitsMaxBandwidth | select -ExpandProperty EnableBitsMaxBandwidth

If ($bitsenable -eq "0")
{
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\BITS' -name 
EnableBITSMaxBandwidth -value 1 -Force
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\BITS' -name 
MaxBandwidthValidFrom -value 6 -Force
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\BITS' -name 
MaxBandwidthValidTo -value 18 -Force
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\BITS' -name 
MaxTransferRateOffSchedule -value 80 -Force
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\BITS' -name 
MaxTransferRateOnSchedule -value 40 -Force
}
Else
{
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\BITS' -name 
EnableBITSMaxBandwidth -value 0 -Force
}

Michael Schultz
Client Systems Engineering
Information Systems
Providence Health & Services
michael.schu...@providence.org<mailto:michael.schu...@providence.org>

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Sherry Kissinger
Sent: Monday, November 28, 2016 1:56 PM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: Re: [mssms] BITS set via DCM off boundary, IP, or subnet

"maybe boundary now that clients hold that info"  if you can query that locally 
on a client (I didn't look for where that is)...
I've never done anything like you've mentioned, but you *could* do something 
like...
an "application" configuration Item where...
  The "application exists" based on a script, and you write a script which 
spits out any results *if* the client can respond with "maybe boundary now that 
clients hold that info"  -- where the boundary you are looking for is "Boundary 
X".  When it's Boundary X, then the "application" is installed <wink> so the 
ConfigItem continues on the inside and runs the detection logic script, and if 
you've enabled the CI to do so, the remediation script to "apply BITS settings".

What you MAY want to do is have more CIs where the boundary is "these other 
ones"; and sets the BITS settings back to normal (whatever normal means to 
you).  In case machines travel around.  by using the "only deserved if the 
'application' is installed in the baseline logic, you can target a large 
collection, and that client figures out locally if it deserves whatever-it-is, 
instead of having the collection logic do that.

The above is one way to do it.  Another way is what you're already doing--the 
collection does the 'who deserves this'.  Another way would be to do something 
similar using Application deployment logic--craft a custom Global Condition 
that'll spit out the Boundary that the client knows--and have multiple 
Deployment Types for each boundary; to set the BITS settings for each one.  
Another way (slightly old skool); have a task sequence with multiple steps, and 
the targets have to do a wmi evaluation logic on a step to see if it deserves 
to run that 'step' of the TS.   Lots of ways to get to your end goal; you just 
need to work out which one makes the most sense for you.

Another way--why thousands of boundaries?  simplify!  We have 300k+ clients, 
and have a total of 18 boundaries.  It's all IP ranges--covering 0.0.0.0 
through 255.255.255.254  We used to have fewer than that, but we had to 
rebalance client counts and had to split up boundaries in slightly awkward 
ways.  18 feels like a lot to us.

On Mon, Nov 28, 2016 at 2:42 PM, Schultz, Michael A 
<michael.schu...@providence.org<mailto:michael.schu...@providence.org>> wrote:
We are looking at using compliance settings to apply BITS settings to machines 
based on a machine’s subnet or maybe boundary now that clients hold that info.  
Has anyone done anything similar?  We are currently using client settings but 
it involves populating collections based off IP subnet (boundary) and with 
almost 100k clients and over a thousand boundaries, it is nightmare.

Michael Schultz
Client Systems Engineering
Information Systems
Providence Health & Services
michael.schu...@providence.org<mailto:michael.schu...@providence.org>


________________________________

This message is intended for the sole use of the addressee, and may contain 
information that is privileged, confidential and exempt from disclosure under 
applicable law. If you are not the addressee you are hereby notified that you 
may not use, copy, disclose, or distribute to anyone the message or any 
information contained in the message. If you have received this message in 
error, please immediately advise the sender by reply email and delete this 
message.




--
Thank you,

Sherry Kissinger

My Parameters:  Standardize. Simplify. Automate
Blogs: 
http://www.mofmaster.com<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.mofmaster.com&data=01%7C01%7Cmichael.schultz%40providence.org%7C91c57ca1d55c4863e39308d417da4f93%7C2e3190869a2646a3865f615bed576786%7C1&sdata=MeadVNk5pYUBV0ddfGsOufuXjd%2BNQKwSftth6olckYw%3D&reserved=0>,
 
http://mnscug.org/blogs/sherry-kissinger<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fmnscug.org%2Fblogs%2Fsherry-kissinger&data=01%7C01%7Cmichael.schultz%40providence.org%7C91c57ca1d55c4863e39308d417da4f93%7C2e3190869a2646a3865f615bed576786%7C1&sdata=lvQt88cZn7cagaopHUdJ6V%2BlJBwnTZ%2BFHBIhsn8PwWA%3D&reserved=0>,
 
http://www.smguru.org<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.smguru.org&data=01%7C01%7Cmichael.schultz%40providence.org%7C91c57ca1d55c4863e39308d417da4f93%7C2e3190869a2646a3865f615bed576786%7C1&sdata=ilPIvPpb2RxXdcZoqULuwhp1l%2Fc04mTf%2BIr0RKvo5oY%3D&reserved=0>


________________________________

This message is intended for the sole use of the addressee, and may contain 
information that is privileged, confidential and exempt from disclosure under 
applicable law. If you are not the addressee you are hereby notified that you 
may not use, copy, disclose, or distribute to anyone the message or any 
information contained in the message. If you have received this message in 
error, please immediately advise the sender by reply email and delete this 
message.


Reply via email to