How to prevent UNC code bases from being offered by site servers configured strictly for Cloud-Enabled Management (CEM) agents.

When a Package Server is promoted to a STRICTLY CEM-enabled, Internet-facing Site Server, HTTPS is the only valid code base or download location. If the environment is already set up to use HTTPS, typically the setup will work. If HTTP is used or even partially used, the CEM Site Server requires additional configuration to ensure CEM-enabled and active clients can use the Site Server.

The following two changes will ensure the CEM clients are only handed HTTPS code bases to download packages from. The first step is covered in the documentation; however, it is worth bringing up here.

Enabling HTTPS

1. On the Package Server, open regedit.
2. Create the following key: HKLM | Software | Altiris | Altiris Agent | Package Server
3. DWORD > EnableHTTPSOverride
4. Value: 1

Disable UNC
(Note that the CEM-enabled clients will attempt HTTPS first, but this will remove the possibility of falling back to UNC, which will never work)

1. On the Package Server, open regedit.
2. Create the following key: HKLM | Software | Altiris | Altiris Agent | Package Server
3. DWORD > EnableUNCOverride
4. Value: 0

 NOTE: The Agent will typically figure out what method to use, but the above can help situations where the Site Server is only serving CEM-enabled clients.

In ITMS 7.6 and 8.0 the codebase publishing can be controlled using the "All Settings>Notification Server>Site Server Settings>Package ServicePackage Service Settings".