Wednesday, December 7, 2022

Setting Peer Download options for SCCM boundary groups using Powershell

 If you have more than just a few boundary groups you have probably wanted a way to quickly set these options across all of them.  I suggest setting the options for your VPN boundary group(s) first. For VPN you probably want to prefer cloud based sources and not use peer downloads at all (to prevent peering with internal computers).  Once you have that set then you can run this little gem to set all of the others for what I believe is the best settings.  Of course you can modify it if you think other settings are best.

Here you go:

<#
.Synopsis
   Set SCCM Boundary Group Peer Cache options to Allow peer cache downloads within this Boundary Group but restrict downloads to peers within the same subnet.
.DESCRIPTION
   Use this in order to quickly change the peer cache options for a set of boundary groups.  The more boundary groups you have
   in your organization, the more beneficial this becomes.
   The flags (at time of writing) that you will see in the boundary groups are:
   0 - Allow peer downloads in this boundary group (only first check box is checked)
   1 - Do not allow peer downloads in this boundary group (no check boxes are checked)
   2 - Allow peer downloads in this boundary group but During peer downloads only use peers within the same subnet (first two check boxes are checked)
   9 - Prefer cloud based sources over on-premises sources and Do not allow peer downloads in this boundary group (only last check box is checked)
   I have not experimented to find out what results come from other combinations of check-boxes.
#>

#Change testmode to false to save the changes
$testmode=$false

#The Configuration Manager site code
$sitecode="ABC"

#The Configuration Manager Primary Server
$SMSProvider="SCCMserver.domain.com"

#the flag you want to set
$newflag=2
$BoundaryGroups = (get-wmiobject -Namespace root\sms\site_$sitecode -Class SMS_BoundaryGroup -computername $SMSProvider) | Where-Object {($_.Flags -NE 2) -and ($_.Flags -le 2)}
Foreach ($BoundaryGroup in $BoundaryGroups) {
    write-host "Setting $($BoundaryGroup.name) flags to $newflag (previously $($BoundaryGroup.flags))"
    $BoundaryGroup.Flags = $newflag
    Try {
        If (-not $testmode) {
            $result=$BoundaryGroup.Put()
            write-host "saved" -ForegroundColor green
        }
    } Catch {
        write-host "failed to set flag" -ForegroundColor red
    }
}

Thursday, December 1, 2022

Controlling SCCM bandwidth Utilization

 

There are four items that control network bandwidth utilization within SCCM: 

  1. BITS client setting – The download of data from the distribution point to the client is a BITS download.  In the client settings of the clients the rate of those downloads can be adjusted.  However, this is client side and does not know about bandwidth on the network so if enough clients, even if all configured to 1Mbps, are trying to download at the same time it can still clog the WAN.
    https://learn.microsoft.com/en-us/mem/configmgr/core/clients/deploy/about-client-settings#background-intelligent-transfer-service-bits

    I recommend setting the BITS settings but to something that will work for your organization.  Exactly what that is varies greatly from one organization to another.

    Client Settings items for BITS


  2. Rate Limit Schedules –  Set in the Distribution Point properties, this controls maximum data that can be sent to each distribution point  at any given time of day.  This is to prevent WAN saturation while getting the data onto the distribution points prior to deployment to clients.
    https://learn.microsoft.com/en-us/mem/configmgr/core/plan-design/hierarchy/manage-network-bandwidth#BKMK_PlanningForThrottling

    I recommend setting the rate limits but to something that will work for your organization.  Exactly what that is varies greatly from one organization to another.  Remember that this is set individually for each distribution point.

    Distribution Point properties setting for Rate Limits


  1. LEDBAT - Where BITS worked client side, LEDBAT works server side to control bandwidth usage.  Like the throttling rate limits it is enabled on each distribution point individually.  The idea is that it dynamically adjusts transfer rates so that clients only use network bandwidth when it's available.
    https://learn.microsoft.com/en-us/mem/configmgr/core/plan-design/hierarchy/fundamental-concepts-for-content-management#windows-ledbat

    I recommend turning this on for every distribution point.

    Distribution Point properties setting for LEDBAT

  1. Peer caching technologies – Peer caching takes at least a portion of the load off of the WAN by allowing clients to share cached deployment data with each other.  We would limit this to only peers that are on the same subnet in order to ensure that they are never going cross-WAN. There are three peer caching technologies available in SCCM.  Without going deep on all of them I will just say that the on I recommend using is “Peer cache” for on-premises and Delivery Optimization for cloud (Intune).  Yes, use both if you have both on-prem SCCM and Intune because Delivery Optimization gives no benefit to your Line-of-Business applications or anything else that is not delivered from Microsoft's global distribution network.
    https://learn.microsoft.com/en-us/mem/configmgr/core/plan-design/hierarchy/fundamental-concepts-for-content-management#peer-caching-technologies

    I suggest turning on Peer Cache for all non-VPN connected clients and enabling peer downloads, but limited to same subnet, on all non-VPN boundary groups.

    Client Settings items for Peer Cache

    Boundary Group Setting for Peer Cache



Export all Scheduled Tasks

Unfortunately I've not yet figured out how to export the schedule itself, but for everything else run an elevated Powershell and: 



$outcsv = "C:\Users\$env:USERNAME\desktop\taskdef.csv"
Get-ScheduledTask |
ForEach-Object { [pscustomobject]@{
Name = $_.TaskName
Path = $_.TaskPath
User = $_.Principal.UserID
LastResult = $(($_ | Get-ScheduledTaskInfo).LastTaskResult)
NextRun = $(($_ | Get-ScheduledTaskInfo).NextRunTime)
Status = $_.State
Command = $_.Actions.execute
Arguments = $_.Actions.Arguments }} |
Export-Csv -Path $outcsv -NoTypeInformation