If you manage a System Center Configuration Manager solution in your enterprise, you may have branch sites with slow bandwidth. When you deploy an Application, users in this remote site complain of slow network connections because of SCCM’s downloads.
Several solutions can be used to solve this issue, as BranchCache or deploy a Distribution Point on site. Using BranchCache needs to modify configuration on Windows Servers and Clients, like role installation and GPO. Moreover Distribution Point needs infrastructure on site, so budget allocation. Fortunately, Microsoft allows us to easily manage BITS transfer using SCCM.
Let’s see how to do deploy this configuration on remote sites.
When you deploy a computer with System Center Configuration Manager 2012 using OSD, the WinPE phase displays a name like “IT Organization“. It is possible to change this name by your real corporation name.
WinPE IT Organization
Let’s see how to do that.
Since Windows Server 2008, we can use Group Policy Preferences to set a password for Local Administrator on all workstations in an OU. In May 2014, Microsoft released a patch to remove this feature. KB2962486
In fact, the password was stored insecurely. It was crypted using a key which is now public MSDN. This is a security leak, password are sent in “clear” and several time by day, using GPO application. If KB2928120 is installed on your system, you can’t no more use GPO to define password for:
- Drive Maps.
- Local Users.
- Scheduled Tasks.
- Data Sources.
With the Security patch, Microsoft provided a Powershell script to change local password remotely.
Since few days, Microsoft released a new tool: Local Administrator Password Solution (LAPS). With this tool, computers are able to randomly change password for local administrator and store it in Active Directory attribute.