ConfigMgr 2012 “Protected Boundaries”

Posted on Updated on

A best practice in ConfigMgr 2007 was to have remote distribution points “protected” so that client in other subnets would not incidentally download content from them.  This was particularly important for DPs that were slow WAN links.  In ConfigMgr 2012 however, having a protected DP looks different.  Instead of the old checkbox on the DP settings, now you add the Boundary (IP address range/subnets or AD Sites) into it’s own Boundary Group.  In this way only clients in that subnet will pull from that DP.



2 thoughts on “ConfigMgr 2012 “Protected Boundaries”

    MikeL said:
    October 12, 2012 at 1:48 pm

    Definitely better to have them protected by default. Then, we can put the check in the box for “Allow fallback source location for content” if needed. I did that at a previous client. They had a pretty small client base. But, they didn’t want to use the primary site as a DP. So, we deployed a separate DP. I then selected this box and did not assign a boundary to the primary server.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s