Are you looking to use BranchCache anytime in the future? If so, then use the more modern windows 7 policies and not that ol’d XP stuff. (Or maybe you still got XP as you are in healthcare?)
We set BITS policy “on the fly” and moved away from direct registry pokes as it is only read when the svc starts, this changed somewhat with Windows 10 where they have a more registry based policy. So we set the local policy object instead, but that is hard to do from PS. So keep that in mind if you are looking to make it a bit more dynamic, but for a fire and forget kind of policy you should be good. Also, remember that some BITS jobs don’t like to be throttled, like OAB etc. If they don’t complete in a “somewhat short time” another job will be created. From: [email protected] [mailto:[email protected]] On Behalf Of Schultz, Michael A Sent: den 29 november 2016 22:38 To: [email protected] Subject: RE: [mssms] BITS set via DCM off boundary, IP, or subnet I did get something working with PS and a CI but then MS developers comeback and suggest not planning on what we used as it may not be available in future releases. I queried WMI and got the boundary group cache IDs. Made a boundary groups for BITS throttling and targeted that. Compliance script: $ThrottledID = "16777375" $BoundaryGroups = Get-WmiObject -Namespace ROOT\ccm\LocationServices -class BoundaryGroupCache | select -ExpandProperty BoundaryGroupIDs $bitsenable = Get-ItemProperty "HKLM:\SOFTWARE\Policies\Microsoft\Windows\BITS" -Name EnableBitsMaxBandwidth | select -ExpandProperty EnableBitsMaxBandwidth If (($boundarygroups -contains $ThrottledID) -and ($bitsenable -eq "0")) { $compliance = "false" } ElseIf (($boundarygroups -notcontains $ThrottledID) -and ($bitsenable -eq "1")) { $compliance = "false" } Else { $compliance = "true" } $compliance Remediation script: $bitsenable = Get-ItemProperty "HKLM:\SOFTWARE\Policies\Microsoft\Windows\BITS" -Name EnableBitsMaxBandwidth | select -ExpandProperty EnableBitsMaxBandwidth If ($bitsenable -eq "0") { Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\BITS' -name EnableBITSMaxBandwidth -value 1 -Force Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\BITS' -name MaxBandwidthValidFrom -value 6 -Force Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\BITS' -name MaxBandwidthValidTo -value 18 -Force Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\BITS' -name MaxTransferRateOffSchedule -value 80 -Force Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\BITS' -name MaxTransferRateOnSchedule -value 40 -Force } Else { Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\BITS' -name EnableBITSMaxBandwidth -value 0 -Force } Michael Schultz Client Systems Engineering Information Systems Providence Health & Services [email protected]<mailto:[email protected]> From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Sherry Kissinger Sent: Monday, November 28, 2016 1:56 PM To: [email protected]<mailto:[email protected]> Subject: Re: [mssms] BITS set via DCM off boundary, IP, or subnet "maybe boundary now that clients hold that info" if you can query that locally on a client (I didn't look for where that is)... I've never done anything like you've mentioned, but you *could* do something like... an "application" configuration Item where... The "application exists" based on a script, and you write a script which spits out any results *if* the client can respond with "maybe boundary now that clients hold that info" -- where the boundary you are looking for is "Boundary X". When it's Boundary X, then the "application" is installed <wink> so the ConfigItem continues on the inside and runs the detection logic script, and if you've enabled the CI to do so, the remediation script to "apply BITS settings". What you MAY want to do is have more CIs where the boundary is "these other ones"; and sets the BITS settings back to normal (whatever normal means to you). In case machines travel around. by using the "only deserved if the 'application' is installed in the baseline logic, you can target a large collection, and that client figures out locally if it deserves whatever-it-is, instead of having the collection logic do that. The above is one way to do it. Another way is what you're already doing--the collection does the 'who deserves this'. Another way would be to do something similar using Application deployment logic--craft a custom Global Condition that'll spit out the Boundary that the client knows--and have multiple Deployment Types for each boundary; to set the BITS settings for each one. Another way (slightly old skool); have a task sequence with multiple steps, and the targets have to do a wmi evaluation logic on a step to see if it deserves to run that 'step' of the TS. Lots of ways to get to your end goal; you just need to work out which one makes the most sense for you. Another way--why thousands of boundaries? simplify! We have 300k+ clients, and have a total of 18 boundaries. It's all IP ranges--covering 0.0.0.0 through 255.255.255.254 We used to have fewer than that, but we had to rebalance client counts and had to split up boundaries in slightly awkward ways. 18 feels like a lot to us. On Mon, Nov 28, 2016 at 2:42 PM, Schultz, Michael A <[email protected]<mailto:[email protected]>> wrote: We are looking at using compliance settings to apply BITS settings to machines based on a machine’s subnet or maybe boundary now that clients hold that info. Has anyone done anything similar? We are currently using client settings but it involves populating collections based off IP subnet (boundary) and with almost 100k clients and over a thousand boundaries, it is nightmare. Michael Schultz Client Systems Engineering Information Systems Providence Health & Services [email protected]<mailto:[email protected]> ________________________________ This message is intended for the sole use of the addressee, and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not the addressee you are hereby notified that you may not use, copy, disclose, or distribute to anyone the message or any information contained in the message. If you have received this message in error, please immediately advise the sender by reply email and delete this message. -- Thank you, Sherry Kissinger My Parameters: Standardize. Simplify. Automate Blogs: http://www.mofmaster.com<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.mofmaster.com&data=01%7C01%7Cmichael.schultz%40providence.org%7C91c57ca1d55c4863e39308d417da4f93%7C2e3190869a2646a3865f615bed576786%7C1&sdata=MeadVNk5pYUBV0ddfGsOufuXjd%2BNQKwSftth6olckYw%3D&reserved=0>, http://mnscug.org/blogs/sherry-kissinger<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fmnscug.org%2Fblogs%2Fsherry-kissinger&data=01%7C01%7Cmichael.schultz%40providence.org%7C91c57ca1d55c4863e39308d417da4f93%7C2e3190869a2646a3865f615bed576786%7C1&sdata=lvQt88cZn7cagaopHUdJ6V%2BlJBwnTZ%2BFHBIhsn8PwWA%3D&reserved=0>, http://www.smguru.org<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.smguru.org&data=01%7C01%7Cmichael.schultz%40providence.org%7C91c57ca1d55c4863e39308d417da4f93%7C2e3190869a2646a3865f615bed576786%7C1&sdata=ilPIvPpb2RxXdcZoqULuwhp1l%2Fc04mTf%2BIr0RKvo5oY%3D&reserved=0> ________________________________ This message is intended for the sole use of the addressee, and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not the addressee you are hereby notified that you may not use, copy, disclose, or distribute to anyone the message or any information contained in the message. If you have received this message in error, please immediately advise the sender by reply email and delete this message.
