If you have more than just a few boundary groups you have probably wanted a way to quickly set these options across all of them. I suggest setting the options for your VPN boundary group(s) first. For VPN you probably want to prefer cloud based sources and not use peer downloads at all (to prevent peering with internal computers). Once you have that set then you can run this little gem to set all of the others for what I believe is the best settings. Of course you can modify it if you think other settings are best.
Here you go:
<#
.Synopsis
Set SCCM Boundary Group Peer Cache options to Allow peer cache downloads within this Boundary Group but restrict downloads to peers within the same subnet.
.DESCRIPTION
Use this in order to quickly change the peer cache options for a set of boundary groups. The more boundary groups you have
in your organization, the more beneficial this becomes.
The flags (at time of writing) that you will see in the boundary groups are:
0 - Allow peer downloads in this boundary group (only first check box is checked)
1 - Do not allow peer downloads in this boundary group (no check boxes are checked)
2 - Allow peer downloads in this boundary group but During peer downloads only use peers within the same subnet (first two check boxes are checked)
9 - Prefer cloud based sources over on-premises sources and Do not allow peer downloads in this boundary group (only last check box is checked)
I have not experimented to find out what results come from other combinations of check-boxes.
#>
#Change testmode to false to save the changes
$testmode=$false
#The Configuration Manager site code
$sitecode="ABC"
#The Configuration Manager Primary Server
$SMSProvider="SCCMserver.domain.com"
#the flag you want to set
$newflag=2
$BoundaryGroups = (get-wmiobject -Namespace root\sms\site_$sitecode -Class SMS_BoundaryGroup -computername $SMSProvider) | Where-Object {($_.Flags -NE 2) -and ($_.Flags -le 2)}
Foreach ($BoundaryGroup in $BoundaryGroups) {
write-host "Setting $($BoundaryGroup.name) flags to $newflag (previously $($BoundaryGroup.flags))"
$BoundaryGroup.Flags = $newflag
Try {
If (-not $testmode) {
$result=$BoundaryGroup.Put()
write-host "saved" -ForegroundColor green
}
} Catch {
write-host "failed to set flag" -ForegroundColor red
}
}