In System Center Configuration Manager 2012 it is possible to mark an application so it will be assigned to a protected distribution point if a machine within that DP’s protected boundary request the content.
The feature can be seen if you open an Application and examine the Distribution Setting tab.
The obvious reason for this is to ensure that machines only download content from their local DP. But what happens in this new user-centric world with application catalogs and user targeted software?
Well, in one project where I am involved we have a very large number of printer/scanner drivers and we have created applications of each of these. We have targeted the applications to users so they can start the installation from the software catalog. However we do not really want to copy all these driver packages to our 100+ remote location across slow links.
Our solution which works very fine is to allow the package to be downloaded from a remote, unprotected DP. What happens is this: the user starts the installation. Content is downloaded from the remote DP using BITS and installation starts. After this content is assigned to the distribution points so the next time content is required at the location the package is available locally.