Jump to content


anyweb

using SCCM 2012 in a LAB - Part 5. Enable the Endpoint Protection Role and configure Endpoint Protection settings

Recommended Posts

 

I dont see how this product is anywhere near ready for production - how do we roll this out when the product is gold? It looks like its an all-or-nothing piece. I'd love to be able to test it on 10% of our machines to make sure it can uninstall current products with success and then kick it out - how would one do this?

 

 

 

 

 

 

 

what do you mean all or nothing ? if you don't want the SCEP agent installed then configure the Default client agent settings and your heirarchy will get no SCEP agent, if you want 10% of your computers to get it then configure custom client settings for that collection and they'll get the SCEP agent, you can then configure custom antimalware policies for those 10%

Share this post


Link to post
Share on other sites

 

BTW i thank you for getting me started very quickly. i have instructed all people around my organzation to your site for helpful tips and trciks, as wellas the amazing guides. any hope of getting a PDF or word doc for offline references?

 

If I get time in the future to convert these docs to pdf format then i'll do so, but not right now sorry

Share this post


Link to post
Share on other sites

are you referring to EP as from being installed above or purely talking about FEP 2012 on a different version of SCCM ? please clarify

 

I'm talking about the above install and deploying FEP 2012 using sccm 2012. Trying to access the requirements for different business locations so i got a test lab setup in canada as a 2nd site and the client is not deploying. So i wonder where i can get logs or something to see what the issue is.

 

Thanks

Share this post


Link to post
Share on other sites

 

I'm talking about the above install and deploying FEP 2012 using sccm 2012. Trying to access the requirements for different business locations so i got a test lab setup in canada as a 2nd site and the client is not deploying. So i wonder where i can get logs or something to see what the issue is.

 

Thanks

 

why are you deploying FEP 2012 clients when SCCM 2012 RC has the Endpoint Protection role and SCEP clients built in ? am I missing something here ?

Share this post


Link to post
Share on other sites

 

If I get time in the future to convert these docs to pdf format then i'll do so, but not right now sorry

 

I can upload them to somewhere i have converted a ton of them to word which is easy to save as PDF. I also corrected a few minor things like adding screenshots where one wasnt, etc.

Share this post


Link to post
Share on other sites

I've only gotten automated definition updates working by selecting WSUS as a source and specifying that source in Group Policy; leaving only "Configuration Manager" enabled consistently gives me quick "you're out of date" responses when I click the Update button. I do have the automatic deployment rule set up and it did download updates to the share I specified -- following the example in Step 4 to the letter except calling the folder "Forefront" instead of "Endpoint."

 

Am I missing a permission or some other setting here? The logs on the FEP client don't tell me anything. The FEP client had Windows Update and the MS Malware Center as sources (HKLM\Software\Policies\Microsoft\Microsoft Antimalware\Signature Updates\FallbackOrder). This changed to "InternalDefinitionUpdateServer" when I turned on both Config Manager and WSUS as sources.

 

What's the point of having System Center download and approve the updates when WSUS can auto-approve the definition updates as well, and auto-update from System Center seems to do nothing?

Share this post


Link to post
Share on other sites

Well it's working fine for me in my lab so I'm guessing you have misconfigured something, or forgotten to do an important step,

can you disable your wsus group policy and double check all the steps in this part, it should work.

Share this post


Link to post
Share on other sites

Well it's working fine for me in my lab so I'm guessing you have misconfigured something, or forgotten to do an important step,

can you disable your wsus group policy and double check all the steps in this part, it should work.

Thanks for responding, but I had tried disabling my WSUS-related group policy objects for the container where my test PCs are and I get the same result. I did gupdate /force and checked the Policy reg key to make sure the changes took effect. I'll keep checking.

 

Are there any logs that I've missed that are related to this? The System event log tells me about setting changes, and it reports update sources that fail (like Windows Update and MSMC) when they're enabled.

 

This is the third time, actually, that I've gotten through to this step. Twice I've gotten this result; the third time I messed up something on SQL and broke it completely but I know what happened there.

 

Speaking of SQL, I have a different problem but I'll raise that in Part 1.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.