

anyweb

using System Center 2012 Configuration Manager - Part 6. Adding the Endpoint Protection role, configure Alerts and custom Antimalware Policies.


First off, I have to say that I am TRULY impressed with how well and clearly defined this step-by-step tutorial is. I am a first-time user of System Center, so I had to jump straight into the foray with v.2012 SP1. Despite the differences in screenshots and some other tweaks, I got through an installation after only two tries (I love VMs). That all said ...

 

[NEW TOPIC]

 

If anyone (Admin included) can help guide me through the following, I would greatly appreciate it. I have SCCM 2012 running and can do Client Pushes of the Configuration Manager client to domain-bound systems (via intranet), as well as push and update Endpoint Protection (EP), thereafter. I can even uninstall non-standard antivirus programs prior to EP installation without forcing system reboots (though the process takes longer to complete). However:

 

1. I need to create a deployment package (e.g. a ZIP, an MSI or an EXE) independent of the Client Push system (e.g. for workgroup or other systems not yet on the domain; workstations joined to a child domain; domain workstations using public Internet or currently out of reach from a domain hub). Once installed, the clients could ping via intranet or Internet to get updates, policy changes, etc.

 

2. I need some guidance on how to configure SCCM to use HTTP and/or HTTPS (preferably ONLY the latter) to update the Configuration Manager client, Endpoint Protection client and so on. I followed the instructions presented here to set up certificate calls and WSUS updates, but it looks like I broke my Client Push, in the process.

 

Those are my key issues, and I would appreciate ANY and ALL relevant assistance, as I am stuck like Chuck, right now - THX !!


I just discovered this site.. WOW what a great resource. Thanks for putting this together!!!

 

 

You are welcome!

Glad you found it, and I've fixed the links along with some missing text in the guide (it must have got dropped during an edit).


First off, I have to say that I am TRULY impressed with how well and clearly defined this step-by-step tutorial is. I am a first-time user of System Center, so I had to jump straight into the foray with v.2012 SP1. Despite the differences in screenshots and some other tweaks, I got through an installation after only two tries (I love VMs). That all said ...

 

[NEW TOPIC]

 

If anyone (Admin included) can help guide me through the following, I would greatly appreciate it. I have SCCM 2012 running and can do Client Pushes of the Configuration Manager client to domain-bound systems (via intranet), as well as push and update Endpoint Protection (EP), thereafter. I can even uninstall non-standard antivirus programs prior to EP installation without forcing system reboots (though the process takes longer to complete). However:

 

1. I need to create a deployment package (e.g. a ZIP, an MSI or an EXE) independent of the Client Push system (e.g. for workgroup or other systems not yet on the domain; workstations joined to a child domain; domain workstations using public Internet or currently out of reach from a domain hub). Once installed, the clients could ping via intranet or Internet to get updates, policy changes, etc.

 

2. I need some guidance on how to configure SCCM to use HTTP and/or HTTPS (preferably ONLY the latter) to update the Configuration Manager client, Endpoint Protection client and so on. I followed the instructions presented here to set up certificate calls and WSUS updates, but it looks like I broke my Client Push, in the process.

 

Those are my key issues, and I would appreciate ANY and ALL relevant assistance, as I am stuck like Chuck, right now - THX !!

 

I'd like to help you offline, as there is potentially a lot wrapped up in your request :) and it would be difficult to write a post that addresses it in enough detail to be helpful.

 

One quick thing. Workgroup computer installations need to be done manually. You could write a script to make it less painful.


For every infection identified by EndPoint on any machine, I am required to open an individual helpdesk ticket. I don't want to do this manually; ideally, SC would send a customized email to my helpdesk. Right now, it sends an email, but there are multiple infections per email. I need one per email.

1. How can I configure it so that I get one email to my helpdesk per each individual infection?

2. How can I customize the subject to include <malware name> and <computer name>, and have other pertinent information in the body of the email, such as date, time, file location, current logged on user, etc?

Thanks,

Chuck


Step 6, red warning after step for “Download settings” is missing a point.

The necessary requirements for the folder are:

  • Folder must exist and be shared with permissions as follows:
    • SMS Provider computer account and the user that is running the wizard to download the software updates must both have Write NTFS [and Change Share] permissions on the download location. For this tutorial it's "SMSAdmin" and the computer account for "CAS"
    • Everyone or at least Domain Users or Authenticated Users should have Read permissions

These requirements are described on TechNet at http://technet.microsoft.com/en-us/library/gg712304.aspx#BKMK_SUMSync and fix the error due to lack of permissions as described in http://www.thelazysysadmin.net/2012/04/automatic-deployment-rules-download-failed-system-center-2012-configuration-manager/

I've had this error myself, and thought it would be useful for others to know about it.

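A way to audit the download location against the permissions listed in the post above, as an added example that is not part of the original post or the tutorial. The folder path, share name and the `CONTOSO` domain are placeholder assumptions; `SMSAdmin` and the `CAS` computer account are the names the post gives. Only ACEs that name the account directly are checked, and `Get-SmbShareAccess` requires Windows Server 2012 / Windows 8 or later.

```powershell
# Added example: audit the download location against the requirements in the post.
$Path      = 'D:\sources\updates'   # assumed local path of the download folder
$ShareName = 'sources'              # assumed name of the share that exposes it
$Writers   = 'CONTOSO\SMSAdmin', 'CONTOSO\CAS$'   # CONTOSO is a placeholder domain
$Readers   = 'Everyone', 'CONTOSO\Domain Users', 'NT AUTHORITY\Authenticated Users'

function Test-NtfsRight {
    param([string]$Folder, [string]$Identity,
          [System.Security.AccessControl.FileSystemRights]$Right)
    # True when an Allow ACE naming this identity includes the requested right.
    # Group membership is not expanded: rights granted through a group are not seen.
    $aces = (Get-Acl -LiteralPath $Folder).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference.Value -eq $Identity -and
        ($_.FileSystemRights -band $Right) -eq $Right
    }
    [bool]$aces
}

function Test-ShareRight {
    param([string]$Name, [string]$Identity, [string[]]$Accepted)
    # Get-SmbShareAccess needs Windows Server 2012 / Windows 8 or later.
    $aces = Get-SmbShareAccess -Name $Name | Where-Object {
        "$($_.AccessControlType)" -eq 'Allow' -and
        $_.AccountName -eq $Identity -and
        $Accepted -contains "$($_.AccessRight)"
    }
    [bool]$aces
}

# Accounts that download updates: NTFS Write plus share Change (Full also satisfies it).
$Writers | ForEach-Object {
    [pscustomobject]@{
        Identity    = $_
        NtfsWrite   = Test-NtfsRight $Path $_ 'Write'
        ShareChange = Test-ShareRight $ShareName $_ 'Change', 'Full'
    }
} | Format-Table -AutoSize

# Clients: at least one of the broad groups must be able to read the content.
$readOk = $Readers | Where-Object { Test-NtfsRight $Path $_ 'Read' }
if (-not $readOk) {
    Write-Warning "No Allow ACE grants Read on $Path to: $($Readers -join ', ')"
}
```

A `False` in either column for a writer account matches the missing-permission condition the post ties to the download failure.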

Thank you so much for the wonderful forum.

I seem to have everything working but have changed my mind about something and am not finding a solution.

As part of the SCCM 2012 upgrade, I added the Endpoint Protection role and let it go on all the machines. Now that I see your post I want to start over and only install it on selected collections. How would I go about removing EP from all the clients? I removed the role but the clients still have EP installed. So far, only manual uninstall has worked.

Thank you,

Ed

