I want to install Distribution points on all of my remote servers. They are all domain controllers though. I know one of the prerequisites to host the DP role is to have the SCCM computer object apart of that servers local administrators group. Since they are domain controllers they dont have a local security policy and it is controlled by AD. I'm sure you can add the SCCM computer object to the domain admins group to solve this but my question is if this is considered a supported configuration?
Is it supported? To my knowledge, yes.
Is it a good idea? No.
How many clients are at each of these remote locations and what is the available bandwidth like?
If you are using the DC as a Distribution point to install clients via Client Push, the "NT Authority\Authenticated Users" group must be added to the local group "Users" to the DC/DP.
Clients are still able to get installed manually, but Client Push fails.
Failed to correctly receive a WEBDAV HTTP request.. (StatusCode at WinHttpQueryHeaders: 401)
Run elevated command prompt (net localgroup users "Authenticated Users" /add)
Test Client Push - Should be successful.
Reason: By default the local groups NT Authority\Interactive Users and NT Authority\Authenticated Users are removed from the Domain Controller. Clients that are using the DP for content cannot authenticate using the computer account.
I think the command should be
Net localgroup "Administrators" "<domain>/<siteserver>$" /add
since the users are already a member of authenticated users....the $ denotes a computer account...
thanks for your sugestion it helped me find hopefully the correct answers on EE by GCISDEngineer