SCCM 1610 now supports inter-node content sharing without BranchCache or 3rd party tools. Annoying part is that you have to modify client cache ACL. I threw together some quick-n-dirty bits in a few minutes and it didn’t blow in my face just yet. I rolled it out with a compliance baseline to some pilot systems and it seems to work.
Caution is advised as I didn’t test it fully yet (or if Peer Cache actually works properly). It just adds required ACE for your SCCM network access account.
#SCCM Network Access account. I think it's not possible to query it from client $NetworkUserAccount = New-Object System.Security.Principal.NTAccount("DOMAIN\User") #SCCM Cache path from WMI. It's pretty much the same always but just in case... $CCMCache = (New-Object -ComObject "UIResource.UIResourceMgr").GetCacheInfo().Location #Enums for NTFS ACLs, static stuff. Could do better but stringbased cast works fine $ACLFileSystemRights = [System.Security.AccessControl.FileSystemRights]::FullControl $ACLAccessControlType = [System.Security.AccessControl.AccessControlType]::Allow $ACLInheritanceFlags = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit, ObjectInherit" $ACLPropagationFlags = [System.Security.AccessControl.PropagationFlags]::InheritOnly #If cache folder doesn't exist, quit with error If (!(Get-Item -Path $CCMCache)) { Exit 1 } #Current ACL $ACL = Get-Acl -Path $CCMCache #Check if ACL already has required entry. If it has, quit cleanly If ($ACL.Access | Where-Object -FilterScript { #Specific checks $_.FileSystemRights -eq $ACLFileSystemRights -and $_.AccessControlType -eq $ACLAccessControlType -and $_.IdentityReference -eq $NetworkUserAccount -and $_.InheritanceFlags -eq $ACLInheritanceFlags -and $_.PropagationFlags -eq $ACLPropagationFlags } ) { #ACL entry exists Exit 0 } Else { #Modify ACL $ACE = New-Object System.Security.AccessControl.FileSystemAccessRule ($NetworkUserAccount, $ACLFileSystemRights, $ACLInheritanceFlags, $ACLPropagationFlags, $ACLAccessControlType) $ACL.AddAccessRule($ACE) Set-Acl -Path $CCMCache -AclObject $ACL }