This blog is owned and operated by the ANZ ConfigMgr Premier Field Engineer team.
Contributors
Ian BartlettMatt ShadboltGeorge Smpyrakis
Blog Links
Hi All,
with the release of R2 CU3 we now have the ability to restrict which Management points a client can talk to. This can be particularly useful in case you have a Remote MP or only certain MP’s a client can access.
All we simply need to do is
After restarting the SMS Agent Host we can see that our MP is being forced in the Locationservices.log
and we can confirm that we are talking to the correct MP in ClientLocation.log
keep in mind the following Note from the CU3 update
Note After this value is defined, there is no fallback or other method for clients to communicate with other MPs. This new entry is only intended for permanently located workstation and server clients and is not portable to devices such as mobile PCs or tablets.
So lets say that I have an HTTP MP and an HTTPS MP in a specific site. Say, one for Macs (requiring certs, of course) and a second just for Windows workstations. Can I use this to setting to force the Windows boxes to use the unsecured MP or will those workstations continue to prefer the HTTPS MP?
@Chris I haven't had a chance to test that particular scenario yet but that's exactly what it should do. Simply because the HTTPS MP will not be in the allowed list. Ill try and find some time to test out the scenario and confirm it works in the next week or two and let you know.
The opposite of this would be useful - either the ability to allow named clients to use an MP. Almost a 'Protected MP' scenario.
Exactly what we need! The rotating MP lookup causes grief for servers in the DMZ! - Good session at TechEd Melbourne too!