Content management in
Microsoft System Center 2012
Configuration Manager relies on the infrastructure of the
distribution point site role. This section provides configuration
information for creating the distribution point site role,
configuring the distribution point properties, and creating
distribution point groups.
Use the following sections in this topic to help you install and
configure distribution points and distribution point groups:
Install and Configure the
Distribution Point
You must designate a site system server as a
distribution point before content can be made available to client
computers. You can add the distribution point site role to a new
site system server or add the site role to an existing site system
server. Use the following procedure to add the distribution point
site role to a new or existing site system server.
 Security Note |
You must have the following security permissions to create and
configure a distribution point:
- Read for the Distribution Point
object
- Copy to Distribution Point for the
Distribution Point object
- Modify for the Site object
- Manage Certificates for Operating System
Deployment for the Site object
|
To install and configure the
distribution point site role on a site system server
-
In the Configuration Manager console, click
Administration.
-
In the Administration workspace, expand Site
Configuration, and then click Servers and Site System
Roles.
-
Add the distribution point site system role to a new or
existing site system server by using the associated step:
- New site system server: On the
Home tab, in the Create group, click Create Site
System Server. The Create Site System Server Wizard opens.
- Existing site system server: Click the
server in which you want to install the distribution point site
system role. When you click a server, a list of the site system
roles that are already installed on the server are displayed in the
results pane.
On the Home tab, in the Server group, click Add
Site System Role. The Add Site System Roles Wizard opens.
-
On the General page, specify the general
settings for the site system server. When you add the distribution
point to an existing site system server, verify the values that
were previously configured.
-
On the System Role Selection page, select
Distribution point from the list of available roles, and
then click Next.
-
Configure the distribution point settings on the
following pages of the wizard:
- Distribution Point page
Configure the general distribution point settings.
- Install and configure IIS if required by
Configuration Manager: Select this setting to let Configuration
Manager install and configure Internet Information Services (IIS)
on the server if it is not already installed. IIS must be installed
on all distribution points. If IIS is not installed on the server
and you do not select this setting, you must install IIS before the
distribution point can be installed successfully.
- Configure how client devices communicate with
the distribution point. There are advantages and disadvantages for
using HTTP and HTTPS. For more information, see
Security Best Practices for Content Management section in the
Security and
Privacy for Content Management in Configuration Manager
topic.
For more information about client communication to the distribution
point and other site systems, see the Planning for Client Communications in
Configuration Manager section in the Planning for
Communications in Configuration Manager topic.
- Allow clients to connect anonymously:
This setting specifies whether the distribution point will allow
anonymous connections from Configuration Manager clients to the
content library.
 Important |
| When you deploy a Windows Installer application on a
Configuration Manager client, Configuration Manager downloads the
file to the local cache on the client and the files are eventually
removed after the installation completes. The Configuration Manager
client updates the Windows Installer source list for the installed
Windows Installer applications with the content path for the
content library on associated distribution points. Later, if you
start the repair action from Add/Remove Programs on a Configuration
Manager client, MSIExec attempts to access the content path by
using an anonymous user. You must select the Allow clients to
connect anonymously setting or the repair fails for clients.
You must always select the Allow clients to connect
anonymously setting for Windows XP clients. For all other
operating systems, you can install the update and modify a registry
key described in Microsoft Knowledge Base article 2619572. After the update is installed
on the clients, MSIExec will access the content path by using the
logged on user account when you do not select the Allow clients
to connect anonymously setting. |
- Create a self-signed certificate or import a
public key infrastructure (PKI) client certificate for the
distribution point. The certificate has the following purposes:
- It authenticates the distribution point to a
management point before the distribution point sends status
messages.
- When you select Enable PXE support for
clients check box on the PXE Settings page, the
certificate is sent to computers that perform a PXE boot so that
they can connect to a management point during the deployment of the
operating system.
When all your management points in the site are configured for
HTTP, create a self-signed certificate. When your management points
are configured for HTTPS, import a PKI client certificate.
To import the certificate, browse to a Public Key Cryptography
Standard (PKCS #12) file that contains a PKI certificate with the
following requirements for Configuration Manager:
- Intended use must include client
authentication.
- The private key must be enabled to be
exported.
 Note |
| There are no specific requirements for the certificate subject
or subject alternative name (SAN), and you can use the same
certificate for multiple distribution points. |
For more information about the certificate requirements, see
PKI Certificate
Requirements for Configuration Manager.
For an example deployment of this certificate, see the
Deploying the Client Certificate for Distribution Points
section in the Step-by-Step Example
Deployment of the PKI Certificates for Configuration Manager:
Windows Server 2008 Certification Authority topic.
- Enable this distribution point for
prestaged content: Select this setting to enable the
distribution point for prestaged content. When this setting is
selected, you can configure distribution behavior when you
distribute content. You can choose whether you always want to
prestage the content on the distribution point, prestage the
initial content for the package, but use the normal content
distribution process when there are updates to the content, or
always use the normal content distribution process for the content
in the package.
- Drive Settings page
Specify the drive settings for the distribution point. You can
configure up to two disk drives for the content library and two
disk drives for the package share, although
System Center 2012 Configuration Manager can use
additional drives when the first two reach the configured drive
space reserve. The Drive Settings page configures the
priority for the disk drives and the amount of free disk space that
remains on each disk drive.
- Drive space reserve (MB): The value
that you configure for this setting determines the amount of free
space on a drive before System Center 2012
Configuration Manager chooses a different drive and continues
the copy process to that drive. Content files can span multiple
drives.
- Content Locations: Specify the content
locations for the content library and package share.
System Center 2012 Configuration Manager copies
content to the primary content location until the amount of free
space reaches the value specified for Drive space reserve
(MB). By default, the content locations are set to
Automatic. The primary content location is set to the disk
drive that has the most disk space at installation, and the
secondary location is assigned to the disk drive that has the
second most free disk space. When the primary and secondary drives
reach the drive space reserve, Configuration Manager selects
another available drive with the most free disk space and continues
the copy process.
| Note |
| To prevent Configuration Manager from installing on a specific
drive, create an empty file named no_sms_on_drive.sms and
copy it to the root folder of the drive before you install the
distribution point. |
- Pull Distribution Point page
For System Center 2012 SP1 only:
Configure the distribution point to be a pull-distribution point by
selecting Enable pulling content from other distribution
points.
- Click Add, and then select one or more
of the available distribution points to be source distribution
points..
- Click Remove to remove the selected
distribution point as a source distribution point.
- Use the arrow buttons to adjust the order in
which the source distribution points are contacted by the
pull-distribution point when the pull-distribution point attempts
to transfer content.
- PXE Settings page
Specify whether to enable PXE on the distribution point. When you
enable PXE, Configuration Manager installs Windows Deployment
Services on the server, if required. Windows Deployment Service is
the service that performs the PXE boot to install operating
systems. After you complete the wizard to create the distribution
point, Configuration Manager installs a provider in Windows
Deployment Services that uses the PXE boot functions.
When you select Enable PXE support for clients, configure
the following settings:
- Allow this distribution point to respond
to incoming PXE requests: Specifies whether to enable Windows
Deployment Services so that it responds to PXE service requests.
Use this check box to enable and disable the service without
removing the PXE functionality from the distribution point.
- Enable unknown computer support:
Specify whether to enable support for computers that are not
managed by Configuration Manager.
- Require a password when computers use
PXE: To provide additional security for your PXE deployments,
specify a strong password.
- User device affinity: Specify how you
want the distribution point to associate users with the destination
computer for PXE deployments. Select one of the following
options:
- Allow user device affinity with
auto-approval: Select this setting to automatically associate
users with the destination computer without waiting for
approval.
- Allow user device affinity pending
administrator approval: Select this setting to wait for
approval from an administrative user before users are associated
with the destination computer.
- Do not allow user device affinity:
Select this setting to specify that users are not associated with
the destination computer.
For more information about user device affinity, see How to Associate Users
with a Destination Computer.
- Network interfaces: Specify that the
distribution point responds to PXE requests from all network
interfaces or from specific network interfaces. If the distribution
point responds to specific network interface, you must provide the
MAC address for each network interface.
- Specify the PXE server response delay
(seconds): Specifies, in seconds, how long the delay is for the
distribution point before it responds to computer requests when
multiple PXE-enabled distribution points are used. By default, the
Configuration Manager PXE service point responds first to network
PXE requests.
| Note |
| You can use the PXE protocol to start operating system
deployments to Configuration Manager client computers.
Configuration Manager uses the PXE-enabled distribution point site
role to initiate the operating system deployment process. The
PXE-enabled distribution point must be configured to respond to PXE
boot requests that Configuration Manager clients make on the
network and then interact with Configuration Manager infrastructure
to determine the appropriate deployment actions to take. For more
information about using PXE to deploy operating systems in
Configuration Manager, see Planning How to Deploy
Operating Systems in Configuration Manager. |
- Multicast page
Specify whether to enable multicast on the distribution point. When
you enable multicast, Configuration Manager installs Windows
Deployment Services on the server, if required.
When you select the Enable multicast to simultaneously send data
to multiple clients check box, configure the following
settings:
- Multicast Connection Account: Specify
the account to use when you configure Configuration Manager
database connections for multicast.
- Multicast address settings: Specify
the IP addresses used to send data to the destination computers. By
default, the IP address is obtained from a DHCP server that is
enabled to distribute multicast addresses. Depending on the network
environment, you can specify a range of IP addresses between
239.0.0.0 and 239.255.255.255.
| Important |
| The IP addresses that you configure must be accessible by the
destination computers that request the operating system image.
Verify that routers and firewalls allow for multicast traffic
between the destination computer and the site server. |
- UDP port range for multicast: Specify
the range of user datagram protocol (UDP) ports that are used to
send data to the destination computers.
| Important |
| The UDP ports must be accessible by the destination computers
that request the operating system image. Verify that routers and
firewalls allow for multicast traffic between the destination
computer and the site server. |
- Client transfer rate: Select the
transfer rate that is used to download data to the destination
computers.
- Maximum clients: Specify the maximum
number of destination computers that can download the operating
system from this distribution point.
- Enable scheduled multicast: Specify
how Configuration Manager controls when to start deploying
operating systems to destination computers. When selected,
configure the following options:
- Session start delay (minutes): Specify
the number of minutes that Configuration Manager waits before it
responds to the first deployment request.
- Minimum session size (clients):
Specify how many requests must be received before Configuration
Manager starts to deploy the operating system.
| Note |
| Multicast deployments conserve network bandwidth by
simultaneously sending data to multiple Configuration Manager
clients instead of sending a copy of the data to each client over a
separate connection. For more information about using multicast for
operating system deployment, see Planning a Multicast
Strategy in Configuration Manager. |
- Content Validation page
Specify whether to set a schedule to validate the integrity of
content files on the distribution point. When you enable content
validation on a schedule, Configuration Manager starts the process
at the scheduled time, and all content on the distribution point is
verified. You can also configure the content validation priority.
By default, the priority is set to Lowest.
To view the results of the content validation process, in the
Monitoring workspace, expand Distribution Status, and
then click the Content Status node. The content for each
package type (for example, Application, Software Update Package,
and Boot Image) is displayed.
 Warning |
| You specify the content validation schedule by using the local
time for the computer, the schedule displays in the Configuration
Manager console by using UTC. |
- Boundary Group page
Manage the boundary groups for which this distribution point is
assigned. You can associate boundary groups to a distribution
point. During content deployment, clients must be in a boundary
group associated with the distribution point to use it as a source
location for content. You can select the Allow clients to use
this site system as a fallback source location for content
check box to let clients outside these boundary groups fall back
and use the distribution point as a source location for content
when no other distribution points are available.
For more information about protected distribution points, see
Planning for Preferred Distribution Points and Fallback.
After you complete the wizard, the distribution point
site role is added to the site system server.
Modify the Distribution Point
Configuration Settings
After the distribution point is installed, you can
modify the configuration settings in the distribution point
properties. In the properties, you can configure the settings that
were available during the initial installation. You can also manage
the distribution point groups that the distribution point is
associated with, review the packages that are associated with the
distribution point, schedule when content can transfer to the
distribution point, and configure the rate limits to control the
network bandwidth that is in use when transferring content.
To modify the distribution point
properties
-
In the Configuration Manager console, click
Administration.
-
In the Administration workspace, click
Distribution Points, and then select the distribution point
that you want to configure.
-
On the Home tab, in the Properties group,
click Properties.
-
Configure the distribution point settings on the
following tabs in the distribution point properties:
- General tab
Specify the following settings:
- Configure how client devices communicate with
the distribution point. There are advantages and disadvantages for
using HTTP and HTTPS. For more information, see
Security Best Practices for Content Management section in the
Security and
Privacy for Content Management in Configuration Manager
topic.
For more information about client communication to the distribution
point and other site systems, see the Planning for Client Communications in
Configuration Manager section in the Planning for
Communications in Configuration Manager topic.
- Allow clients to connect anonymously:
This setting specifies whether the distribution point allows
anonymous connections from Configuration Manager clients to the
content library.
| Important |
| When you deploy a Windows Installer application on a
Configuration Manager client, Configuration Manager downloads the
file to the local cache on the client and the files are eventually
removed after the installation completes. The Configuration Manager
client updates the Windows Installer source list for the installed
Windows Installer applications with the content path for the
content library on associated distribution points. Later, if you
start the repair action from Add/Remove Programs on a Configuration
Manager client, MSIExec attempts to access the content path by
using an anonymous user. You must select the Allow clients to
connect anonymously setting or the repair fails for clients.
You must always select the Allow clients to connect
anonymously setting for Windows XP clients. For all other
operating systems, you can install the update and modify a registry
key described in Microsoft Knowledge Base article 2619572. After the update is installed
on the clients, MSIExec will access the content path by using the
logged on user account when you do not select the Allow clients
to connect anonymously setting. |
- Create a self-signed certificate or import a
PKI client certificate for the distribution point. The certificate
has the following purposes:
- It authenticates the distribution point to a
management point before the distribution point sends status
messages.
- When Enable PXE support for clients is
selected on the PXE Settings page, the certificate is sent
to computers that perform a PXE boot so that they can connect to a
management point during the deployment of the operating system.
When all your management points in the site are configured for
HTTP, create a self-signed certificate. When your management points
are configured for HTTPS, import a PKI client certificate.
To import the certificate, browse to a Public Key Cryptography
Standard (PKCS #12) file that contains a PKI certificate with the
following requirements for Configuration Manager:
- Intended use must include client
authentication.
- The private key must be enabled to be
exported.
| Note |
| There are no specific requirements for the certificate subject
or subject alternative name (SAN), and you can use the same
certificate for multiple distribution points. |
For more information about the certificate requirements, see
PKI Certificate
Requirements for Configuration Manager.
For an example deployment of this certificate, see the
Deploying the Client Certificate for Distribution Points
section in the Step-by-Step Example
Deployment of the PKI Certificates for Configuration Manager:
Windows Server 2008 Certification Authority topic.
- Enable this distribution point for
prestaged content: Select this setting to enable the
distribution point for prestaged content. When this setting is
selected, you can configure distribution behavior when you
distribute content. You can choose whether you always want to
prestage the content on the distribution point, prestage the
initial content for the package, but use the normal content
distribution process when there are updates to the content, or
always use the normal content distribution process for the content
in the package.
- Pull Distribution Point tab
For System Center 2012 SP1 only:
Configure the distribution point to be a pull-distribution point by
selecting Enable pulling content from other distribution
points.
- Click Add, and then select one or more
of the available distribution points to be source distribution
points..
- Click Remove to remove the selected
distribution point as a source distribution point.
- Use the arrow buttons to adjust the order in
which the source distribution points are contacted by the
pull-distribution point when the pull-distribution point attempts
to transfer content.
- PXE tab
Specify whether to enable PXE on the distribution point. When you
enable PXE, Configuration Manager installs Windows Deployment
Services on the server, if required. Windows Deployment Service is
the service that performs the PXE boot to install operating
systems. After you complete the wizard to create the distribution
point, Configuration Manager installs a provider in Windows
Deployment Services that uses the PXE boot functions.
When you select Enable PXE support for clients, configure
the following settings:
- Allow this distribution point to respond
to incoming PXE requests: Specifies whether the PXE service
point responds to computer requests. When you do not enable this
setting, the PXE service point is installed but it is not
activated.
- Enable unknown computer support:
Specify whether to enable support for unknown computers. Unknown
computers are computers that are not managed by Configuration
Manager.
- Require a password when computers use
PXE: Specify whether a password is required for clients to
start the PXE boot.
- User device affinity: Specifies the
user device affinity behavior. Select one of the following
options:
- Allow user device affinity with
auto-approval: Select this setting if you want to automatically
associate users with the destination computer.
- Allow user device affinity pending
administrator approval: Select this setting if you want to
associate users with the destination computer only after approval
is granted.
- Do not allow user device affinity:
Select this setting if you do not want to associate users with the
destination computer.
For more information about user device affinity, see How to Associate Users
with a Destination Computer.
- Network interfaces: Specify whether
the distribution point responds to PXE requests on all network
interfaces or whether it responds to PXE requests on only specific
network interfaces.
- Specify the PXE server response delay
(seconds): Specifies, in seconds, how long the delay is for the
distribution point before it responds to computer requests when
multiple PXE-enabled distribution points are used. By default, the
Configuration Manager PXE service point responds first to network
PXE requests.
| Note |
| You can use the PXE protocol to initiate operating system
deployments to Configuration Manager client computers.
Configuration Manager uses the PXE-enabled distribution point site
role to start the operating system deployment process. The
PXE-enabled distribution point must be configured to respond to PXE
boot requests made by Configuration Manager clients on the network
and then interact with Configuration Manager infrastructure to
determine the appropriate deployment actions to take. For more
information about using PXE to deploy operating systems in
Configuration Manager, see Planning How to Deploy
Operating Systems in Configuration Manager. |
- Multicast tab
Specify whether to enable multicast on the distribution point. When
you enable multicast, Configuration Manager installs Windows
Deployment Services on the server, if required.
When you select the Enable multicast to simultaneously send data
to multiple clients check box, configure the following
settings:
- Multicast Connection Account: Specify
the account to use when you configure Configuration Manager
database connections for multicast.
- Multicast address settings: Specify
the IP addresses used to send data to the destination computers. By
default, the IP address is obtained from a DHCP server that is
enabled to distribute multicast addresses. Depending on the network
environment, you can specify a range of IP addresses between
239.0.0.0 and 239.255.255.255.
| Important |
| The IP addresses that you configure must be accessible by the
destination computers that request the operating system image.
Verify that routers and firewalls allow for multicast traffic
between the destination computer and the site server. |
- UDP port range for multicast: Specify
the range of user datagram protocol (UDP) ports used to send data
to the destination computers.
| Important |
| The UDP ports must be accessible by the destination computers
that request the operating system image. Verify that routers and
firewalls allow for multicast traffic between the destination
computer and the site server. |
- Client transfer rate: Select the
transfer rate used to download data to the destination
computers.
- Maximum clients: Specify the maximum
number of destination computers that can download the operating
system from this distribution point.
- Enable scheduled multicast: Specify
how Configuration Manager controls when to start deploying
operating systems to destination computers. When selected,
configure the following options:
- Session start delay (minutes): Specify
the number of minutes that Configuration Manager waits before it
responds to the first deployment request.
- Minimum session size (clients):
Specify how many requests must be received before Configuration
Manager starts to deploy the operating system.
| Note |
| Multicast deployments conserve network bandwidth by
simultaneously sending data to multiple Configuration Manager
clients rather than sending a copy of the data to each client over
a separate connection. For more information about using multicast
for operating system deployment, see Planning a Multicast
Strategy in Configuration Manager. |
- Group Relationships tab
Manage the distribution point groups in which this distribution
point is a member.
To add this distribution point as a member to an existing a
distribution point group, click Add. Select an existing
distribution point group in the list in the Add to Distribution
Point Groups dialog box, and then click OK.
To remove this distribution point from a distribution point group,
select the distribution point group in the list, and then click
Remove.
- Content tab
Manage the content that has been distributed to the distribution
point. The Deployment packages section provides a list of the
packages distributed to this distribution point. You can select a
package from the list and perform the following actions:
- Validate: Starts the process to
validate the integrity of the content files in the package. To view
the results of the content validation process, in the
Monitoring workspace, expand Distribution Status, and
then click the Content Status node.
- Redistribute: Copies all of the
content files in the package to the distribution point, and
overwrites the existing files. You typically use this operation to
repair content files in the package.
- Remove: Removes the content files from
the distribution point for the package.
- Content Validation tab
Specify whether to set a schedule to validate the integrity of
content files on the distribution point. When you enable content
validation on a schedule, Configuration Manager starts the process
at the scheduled time, and all content on the distribution point is
verified. You can also configure the content validation priority.
By default, the priority is set to Lowest.
To view the results of the content validation process, in the
Monitoring workspace, expand Distribution Status, and
then click the Content Status node. The content for each
package type (for example, Application, Software Update Package,
and Boot Image) is displayed.
| Warning |
| You specify the content validation schedule by using the local
time for the computer, the schedule displays in the Configuration
Manager console by using UTC. |
- Boundary Groups tab
Manage the boundary groups for which this distribution point is
assigned. The distribution point is considered protected for the
clients that are within the boundaries associated with the boundary
group. During a content deployment, only the clients that are in an
assigned boundary group can use the distribution point as a content
location source. You can select the Allow a client outside these
boundary groups to fall back and use this site system as a source
location for content check box to let clients not in the
assigned boundary groups use the distribution point if a protected
distribution point is not available to the client.
For more information about protected distribution points, see
Planning for Preferred Distribution Points and Fallback.
- Schedule tab
Specify whether to configure a schedule that restricts when
Configuration Manager can transfer data to the distribution point.
To restrict data, select the time period and then select one of the
following settings for Availability:
- Open for all priorities: Specifies
that Configuration Manager sends data to the distribution point
with no restrictions.
- Allow medium and high priority:
Specifies that Configuration Manager sends only medium and high
priority data to the distribution point.
- Allow high priority only: Specifies
that Configuration Manager sends only high priority data to the
distribution point.
- Closed: Specifies that Configuration
Manager does not send any data to the distribution point.
You can restrict data by priority or close the connection for
selected time periods.
- Rate Limits tab
Specify whether to configure rate limits to control the network
bandwidth that is in use when transferring content to the
distribution point. You can choose from the following options:
- Unlimited when sending to this
destination: Specifies that Configuration Manager sends content
to the distribution point with no rate limit restrictions.
- Pulse mode: Specifies the size of the
data blocks that are sent to the distribution point. You can also
specify a time delay between sending each data block. Use this
option when you must send data across a very low bandwidth network
connection to the distribution point. For example, you might have
constraints to send 1 KB of data every five seconds, regardless of
the speed of the link or its usage at a given time.
- Limited to specified maximum transfer
rates by hour: Specify this setting to have a site send data to
a distribution point by using only the percentage of time that you
configure. When you use this option, Configuration Manager does not
identify the networks available bandwidth, but instead divides the
time it can send data into slices of time. Then data is sent for a
short block of time, which is followed by blocks of time when data
is not sent. For example, if the maximum rate is set to 50%,
Configuration Manager transmits data for a period of time followed
by an equal period of time when no data is sent. The actual size
amount of data, or size of the data block, is not managed. Instead,
only the amount of time during which data is sent is managed.
Create and Configure Distribution
Point Groups
Distribution point groups provide a logical grouping of
distribution points and collections for content distribution. You
can add one or more distribution points from any site in the
Configuration Manager hierarchy to the distribution point group.
You can also add the distribution point to more than one
distribution point group so that you can manage and monitor content
from a central location for distribution points that span multiple
sites. When you distribute content to a distribution point group,
all distribution points that are members of the distribution point
group receive the content. When a new distribution point is added
to a distribution point group, it receives all content that has
been previously distributed to it. You can also associate
collections to the distribution point group. When you distribute
content, you can target a collection and the distribution points
that are members of all distribution point groups with an
association to the collection to receive the content.
| Important |
| After you distribute content to a collection, and then
associate the collection to a new distribution point group, you
must redistribute the content to the collection before the content
is distributed to the new distribution point group. |
To create and configure a new
distribution point group
-
In the Configuration Manager console, click
Administration.
-
In the Administration workspace, click
Distribution Point Groups.
-
On the Home tab, in the Create group,
click Create Group.
-
Enter the name and description for the distribution
point group.
-
On the Collections tab, click Add, select
the collections that you want to associate with the distribution
point group, and then click OK.
-
On the Members tab, click Add, select the
distribution points that you want to add as members of the
distribution point group, and then click OK.
-
Click OK to create the distribution point
group.
To add distribution points and
associate collections to an existing distribution point group
-
In the Configuration Manager console, click
Administration.
-
In the Administration workspace, click
Distribution Point Groups, and then select the distribution
point group in which you want to modify members.
-
On the Home tab, in the Properties group,
click Properties.
-
On the Collections tab, click Add to
select the collections that you want to associate with the
distribution point group, and then click OK.
-
On the Members tab, click Add to select
the distribution points that you want to add as members of the
distribution point group, and then click OK.
-
Click OK to save changes to the distribution
point group.
To add selected distribution points to
a new distribution point group
-
In the Configuration Manager console, click
Administration.
-
In the Administration workspace, click
Distribution Points, and then select the distribution points
that you want to add to the new distribution point group.
-
On the Home tab, in the Distribution
Point group, expand Add Selected Items, and then click
Add Selected Items to New Distribution Point Group.
-
Enter the name and description for the distribution
point group.
-
On the Collections tab, click Add to
select the collections that you want to associate with the
distribution point group, and then click OK.
-
On the Members tab, verify that you want
Configuration Manager to add the listed distribution points as
members of the distribution point group. Click Add to modify
the distribution points that you want to add as members of the
distribution point group, and then click OK.
-
Click OK to create the distribution point
group.
To add selected distribution points to
existing distribution point groups
-
In the Configuration Manager console, click
Administration.
-
In the Administration workspace, click
Distribution Points, and then select the distribution points
that you want to add to the new distribution point group.
-
On the Home tab, in the Distribution
Point group, expand Add Selected Items, and then click
Add Selected Items to Existing Distribution Point
Groups.
-
In the Available distribution point groups,
select the distribution point groups to which the selected
distribution points are added as members, and then click
OK.
Configure the Network Access
Account
Client computers use the Network Access Account when
they cannot use their local computer account to access content on
distribution points; for example, this applies to workgroup clients
and computers from untrusted domains. This account might also be
used during operating system deployment when the computer
installing the operating system does not yet have a computer
account on the domain.
| Note |
| Clients only use the Network Access Account for accessing
resources on the network. |
Grant this account the minimum appropriate permissions
to access the software for the content that the client requires.
The account must have the Access this computer from the
network right on the distribution point. Because you can create
only one Network Access Account per site, this account must
function for all packages and task sequences for which it is
required.
| Warning |
| When Configuration Manager tries to use the
computername$ account to download the content and it fails,
it automatically tries the Network Access Account again, even if it
has previously tried and failed. |
Create the account in any domain that provides the
necessary access to resources. The Network Access Account must
always include a domain name. Pass-through security is not
supported for this account. If you have distribution points in
multiple domains, create the account in a trusted domain.
 Tip |
| To avoid account lockouts, do not change the password on an
existing Network Access Account. Instead, create a new account and
configure the new account in Configuration Manager. When sufficient
time has passed for all clients to have received the new account
details, remove the old account from the network shared folders and
delete the account. |
| Security Note |
| Do not grant this account interactive logon rights.Do not grant
this account the right to join computers to the domain. If you must
join computers to the domain during a task sequence, use the Task
Sequence Editor Domain Joining Account. |
Use the following procedure to configure the Network
Access Account.
| Note |
| You cannot configure the Network Access Account on a central
administration site. |
To configure the Network Access
Account
-
In the Configuration Manager console, click
Administration.
-
In the Administration workspace, expand Site
Configuration, click Sites, and then select the
site.
-
On the Settings group, click Configure Site
Components, and then click Software Distribution.
-
Click the Network Access Account tab, configure
the account, and then click OK.
See Also
