This page contains the elements described in the following table.

Name Description


Enter the share path of the server share site system to be created.

Specify a fully qualified domain name (FQDN) for this site system on the intranet.

Enables or cancels the intranet FQDN text box, which allows you to specify an intranet FQDN for the site system.

An FQDN is required for many scenarios in Configuration Manager including the following:

  • Automatic approval of trusted clients in mixed mode

  • Native mode if the site system PKI certificate uses an FQDN as specified in Certificate Requirements for Native Mode.

  • Environments that have multiple domains and do not use WINS.

Configuring an FQDN is also recommended if this site system will host the default management point that will publish to Domain Name System (DNS).

For more information, see Determine If You Will Use FQDN Server Names and Determine If You Need to Publish to DNS.

Intranet FQDN

Enter a fully qualified domain name (FQDN) for the site system on the intranet. This can be the same FQDN as the server's network configuration, or it can be a CNAME (alias) configured on the intranet DNS.

If the site is in native mode, the intranet FQDN you specify here must match the intranet FQDN specified in the server's certificate subject name (or subject alternative name). For more information about the certificates for native mode, see Certificate Requirements for Native Mode.

Enter an FQDN that adheres to RFC 1123:

  • ASCII letters, digits, and the `-' (hyphen or dash) character.

  • Labels cannot be all numbers, but can have a leading digit.

  • Labels must end and begin only with a letter or digit.

    Configuration Manager cannot validate that the name specified is configured on intranet DNS servers.

Enable this system as a protected site system

Select this option to configure the site system as a protected site system. If this option is selected, you must also click Select Boundaries to open the Boundaries dialog box and configure the boundaries to limit client connections to this site system.

This option applies only to site systems that are configured as distribution points and state migration points.

Protected site systems cannot be configured for connections from clients over the Internet.

Allow only site server initiated data transfers from this site system

By default, site systems initiate connections to the site server to send status information to the site. Enabling this option results in the site server initiating the connection to site systems that are configured for site system roles that are supported across forests. This configuration might introduce some latency in sending status messages, with a decrease in performance on the site server.

The site system roles that support this option are the following:

  • Management point

  • Distribution point

  • Software update point

  • Fallback status point

Enable this option only if these site system servers are in different forests than the site server and you need to control the direction of connections between the servers. The most likely scenario for this requirement is when the site is configured for Internet-based client management and the site system is in the perimeter network with the site server on the intranet. For more information, see Site System Roles that Support Internet-Based Client Management.

You must use the Site System Installation Account with this option, and you cannot use the site server's computer account even if a trust exists.


Goes to the previous page of the wizard.


Goes to the next page of the wizard.


Discards the settings, and exits the wizard.

See Also