How to configure SCCM 2012 R2 and BranchCache

This is part 1 of a 2 part post.  Part 1 (This one) demonstrates how to install and configure BranchCache while Part 2 will demonstrate how to prove that BranchCache is actually working.

Today I configured one of our smaller branch offices with a slow WAN link to use BranchCache with SCCM for application deployment.

I’m not going to talk about what branchcache is as I am assuming that by reading this post you have already identified a requirement for this feature within your organisation.  If, however, you would like to research this further, here are the links to the documentation that I used:

One of the great things about BranchCache is that it takes mere minutes to configure and can be switched on or off at the flick of a switch. (A.K.A GPO deployment!)

Below are the steps I took to implement this feature, and in part two of this post we’ll test it to confirm that it’s working.

1. The first thing I did was to enable Branchcache on the distribution point.  To do this, right-click the Distribution point and select properties:

2.  Next, select the ‘General tab’ and tick ‘Enable and configure BranchCache for this distribution point:
1 - Enable BranchCacheOnDP

Ticking this will actually install the BranchCache feature for you!  Let’s confirm this by running a simple Powershell command:

2 - ConfirmBCInstall

That’s all that’s required on the server side.

3.  The next thing is to configure BranchCache on the clients.  This is as easy as configuring and linking a GPO: (Want to Powershell this?)

Open GPMC.msc and navigate to: Computer Configuration -> Policies -> Administrative Templates -> Network -> BranchCache

This is where all of the Group Policy settings reside that we need.  At a minimum, you will need to:

  • Turn on BranchCache
  • Set BranchCache Distributed Cache Mode.

(You will not require any of the hosted cache settings as Configuration Manager only works with Distributed mode)

I only have Win 7 computers at the moment, however, if you have Windows 8.x you may wish to look at the other settings.  (‘Set age for segments in the Data cache’ looks particularly useful.)

3 - Configure GPO


4.  The next item is to configure the inbound and outbound firewall rules on the clients.  You can either choose to do this in the same GPO or a separate one – whatever floats your boat.

Still within GPMC.msc then, navigate to : Computer Configuration -> Windows Settings -> Security Settings -> Windows Firewall -> Windows Firewall with Advanced Security

Select ‘Inbound Rules’ and right-click it to select ‘New Rule’:

new FW Rule


Then select the ‘Predefined’ radio button:

predefined FW Rules

Now add the following two inbound rules as per the screenshot below:

4 - inboundRules

(Note: I went into the properties of these two rules afterwards to ensure that only the domain profile was selected.)

You now need to do the same for Outbound rules:


5.  Make sure you link your GPO’s to the OU that contains the computers that will be used for the BranchCache feature.

6.  For any application in Configuration Manager that you want to be able to take advantage of BranchCache, simply ensure that you tick ‘Allow clients to share content with other clients on the same subnet‘ which can be found on the properties of the DeploymentType of each application:


That’s it!

Now at your branch office, the first computer that requests an application will pull it down from your BranchCache enabled Distribution Point and then cache it on it’s local hard drive; other computers at the same branch office can now obtain the content locally.  Turning off this feature is as simple as  a GPO tweak.

My next post will demonstrate how to see if BranchCache is actually working.


  1. For a real world deployment to a remote site, is the process to first deploy a package to a master machine, then the remaining once the master has the application installed?

  2. Hello,
    For Software Updates is enough to enable “branchcache” on DPs, set the GPO and let the “allow clients to share content with other clients on the same subnet” ?

  3. Excellent post. But this is not a reliable technology I believe. We have implemented it at few remote sites. It works for couple of site whereas it does not work for others. Shows enabled in netsh or local firewall. No error in the event logs for Branch cache. Any troubleshooting steps if you could provide please.

Leave a Reply