R2 CU3 Management point communications update
Hi All,
With the release of R2 CU3 we now have the ability to restrict which management points a client can talk to. This can be particularly useful if you have a remote MP or if a client can only access certain MPs.
All we need to do is:
- Install the client hotfix KB2994331, which comes with the CU3 update above. The client version will be 5.00.7958.1401.
- Add a new REG_MULTI_SZ (multi-string) value called AllowedMPs under HKEY_LOCAL_MACHINE\Software\Microsoft\CCM on each client, and add the FQDN of the management point we want to allow the client access to. (We can control this with Compliance Settings.)
After restarting the SMS Agent Host, we can see in LocationServices.log that our MP is being forced, and we can confirm in ClientLocation.log that we are talking to the correct MP.
Keep in mind the following note from the CU3 update:
Note: After this value is defined, there is no fallback or other method for clients to communicate with other MPs. This new entry is only intended for permanently located workstation and server clients and is not portable to devices such as mobile PCs or tablets.
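The steps above as a check-and-set script, an added example that is not from the original post. The FQDN `mp01.corp.example` is a placeholder, and the DNS pre-check is an addition prompted by the no-fallback note, since a mistyped name would leave the client with no MP to talk to.

```powershell
# Added example, not from the original post. Run elevated in Windows PowerShell on the client.
param([switch]$Remediate)

$DesiredMPs = [string[]]@('mp01.corp.example')   # placeholder FQDN (assumption)
$MinVersion = [version]'5.00.7958.1401'          # client version given in the post
$KeyPath    = 'HKLM:\SOFTWARE\Microsoft\CCM'
$ValueName  = 'AllowedMPs'

function Test-AllowedMPs {
    # $true only when the value exists and lists exactly the desired MPs (order ignored).
    $current = (Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
    if (-not $current) { return $false }
    return -not (Compare-Object -ReferenceObject $DesiredMPs -DifferenceObject @($current))
}

function Set-AllowedMPs {
    $client = Get-WmiObject -Namespace 'root\ccm' -Class SMS_Client
    if ([version]$client.ClientVersion -lt $MinVersion) {
        throw "Client $($client.ClientVersion) is older than $MinVersion; install KB2994331 first."
    }
    # The post's note says there is no fallback, so refuse to pin a name that does not resolve.
    foreach ($mp in $DesiredMPs) {
        try { [void][System.Net.Dns]::GetHostAddresses($mp) }
        catch { throw "MP '$mp' does not resolve; not writing $ValueName." }
    }
    # MultiString maps to REG_MULTI_SZ; -Force overwrites an existing value.
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType MultiString -Value $DesiredMPs -Force | Out-Null
    Restart-Service -Name CcmExec   # service name of the SMS Agent Host
}

if (Test-AllowedMPs) {
    'Compliant'
} elseif ($Remediate) {
    Set-AllowedMPs
    if (Test-AllowedMPs) { 'Remediated' } else { 'Failed' }
} else {
    'NonCompliant'
}
```

Without `-Remediate` the script only reports state, which fits the discovery half of a Compliance Settings configuration item; the `Set-AllowedMPs` path corresponds to the remediation half.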
Comments
- Anonymous
January 01, 2003
The comment has been removed
- Anonymous
January 01, 2003
@Chris I haven't had a chance to test that particular scenario yet but that's exactly what it should do. Simply because the HTTPS MP will not be in the allowed list. I'll try and find some time to test out the scenario and confirm it works in the next week or two and let you know.
- Anonymous
October 01, 2014
So let's say that I have an HTTP MP and an HTTPS MP in a specific site. Say, one for Macs (requiring certs, of course) and a second just for Windows workstations. Can I use this setting to force the Windows boxes to use the unsecured MP or will those workstations continue to prefer the HTTPS MP?
- Anonymous
October 03, 2014
The opposite of this would be useful - either the ability to allow named clients to use an MP. Almost a 'Protected MP' scenario.