sccm 2012 rc part 5 - enable endpoint protection
TRANSCRIPT
-
8/10/2019 SCCM 2012 RC Part 5 - Enable Endpoint Protection
http://www.windows-noob.com/forums/index.php?/topic/4045-system-center-2012-configuration-manager-guides/
Step 1. Configure the Endpoint Protection Role
Perform the following on the SCCM server as SMSadmin
Note: The Endpoint Protection point site system role must be installed before you can use Endpoint Protection. It must be installed on one site system server only and it must be installed at the top of the hierarchy on a central administration site or a standalone primary site.
Note #2: Prior to enabling this role, you should review certain features in your Default Client Settings in relation to Endpoint Protection, otherwise you could end up with servers having the SCEP client installed before you were ready to do so.
In the configmgr console, click on Administration. Expand Overview and expand Site Configuration. Select Servers and Site System Roles.
Then click on Home in the Ribbon and click on Add Site System Roles.
When the wizard appears, click Next.
Select the Endpoint Protection Point role and click Next.
Read and then accept the License Agreement terms.
Next you get some choices about Microsoft Active Protection Service. You can opt in or opt out; let's select Basic Membership.
Click Next at the summary and review the status on the completion screen.
Within a few minutes you'll see the Endpoint Protection client appear in the System Tray of your LAB computers.
Note: You can review the EPSetup.log on the server to monitor role installation progress.
Step 2. Configure alerts for Endpoint Protection
Perform the following on the SCCM server as SMSadmin
Note: Alerts inform the administrator when specific events have occurred, such as a malware infection. Alerts can be displayed in the Configuration Manager console, through reports, or optionally can be emailed to specified users. You can configure Endpoint Protection alerts in System Center 2012 Configuration Manager to notify administrative users when specific security events occur in your hierarchy. Notifications display in the Endpoint Protection dashboard in the Configuration Manager console, in reports, and you can configure them to be emailed to specified recipients.
Configure Email Notification (Optional)
If you have access to an SMTP server then you can optionally configure Email Notification Alerts. In the configmgr console, click on Administration, expand Overview and expand Site Configuration, select Sites and click on Settings in the ribbon, then click on Configure Site Components and select Email Notification.
http://technet.microsoft.com/en-us/library/hh508782.aspx
Enter your desired settings for SMTP and click Apply. Note that you can test your SMTP settings.
Configure Alerts for Collections
Next let's configure Alerts for a Collection, but first let's create a collection called All Windows 7 Computers (in a LAB this is fine for what we want to do; in Production you should create Endpoint Protection specific Collections).
Note: You cannot configure alerts for User Collections.
Click on Assets and Compliance in the console, click on Device Collections and in the ribbon click on Create Device Collection.
Call the collection All Windows 7 Computers and limit it to All Systems.
Click Next, choose Query Rule from the drop down menu and fill in a Query like so (edit query statement, criteria, show query language and replace the code with the below):
select * from SMS_R_System where SMS_R_System.OperatingSystemNameandVersion like "%Workstation 6.1%"
Set the schedule as follows (it's a LAB).
Click Next through the wizard; the collection is now created.
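A read-only way to preview what the query rule above selects before the collection is used to target Endpoint Protection, as an added example that is not part of the original guide. The site code P01 is a placeholder and the function name Get-CollectionPreview is hypothetical; the script assumes it runs on the site server with read access to the SMS Provider.

```powershell
# Added example, not from the original guide.
# Assumptions: 'P01' is a placeholder site code; run on the site server
# (SMS Provider) as a user allowed to read the provider's WMI namespace.
$SiteCode  = 'P01'
$Namespace = "root\SMS\site_$SiteCode"

# The collection query from the guide, unchanged.
$CollectionQuery = 'select * from SMS_R_System where ' +
    'SMS_R_System.OperatingSystemNameandVersion like "%Workstation 6.1%"'

function Get-CollectionPreview {
    param([string]$Namespace, [string]$Query)

    # Every discovered system record known to the site.
    $all = @(Get-WmiObject -Namespace $Namespace `
        -Query 'select ResourceId, Name, OperatingSystemNameandVersion from SMS_R_System')

    # Systems the query rule would pull into the new collection.
    $matched = @(Get-WmiObject -Namespace $Namespace -Query $Query)
    $matchedIds = @{}
    foreach ($m in $matched) { $matchedIds[$m.ResourceId] = $true }

    # One row per OS string: how many systems exist, how many the rule selects.
    $all | Group-Object OperatingSystemNameandVersion | ForEach-Object {
        $group    = $_
        $selected = @($group.Group |
            Where-Object { $matchedIds.ContainsKey($_.ResourceId) }).Count
        New-Object PSObject -Property @{
            OperatingSystem = $group.Name
            Systems         = $group.Count
            InCollection    = $selected
        }
    } | Select-Object OperatingSystem, Systems, InCollection |
        Sort-Object OperatingSystem
}

$preview = Get-CollectionPreview -Namespace $Namespace -Query $CollectionQuery
$preview | Format-Table -AutoSize

# Servers should show InCollection = 0. If the LIKE pattern is ever edited,
# this catches server OS strings slipping into the collection, which would
# give them the SCEP client through the settings deployed later in the guide.
$servers = @($preview | Where-Object {
    $_.InCollection -gt 0 -and $_.OperatingSystem -match 'Server'
})
if ($servers.Count -gt 0) {
    Write-Warning ("Query rule selects server operating systems: " +
        (($servers | ForEach-Object { $_.OperatingSystem }) -join '; '))
}
```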
In Assets and Compliance select Devices and choose Device Collections, select the All Windows 7 Computers collection (we have no computers in this collection yet but we will have soon), and choose Properties.
Click on the Alerts tab and place a checkmark in View this collection in the Endpoint Protection Dashboard.
Click on Add and select all the options.
Click OK and leave the other Alert settings as they are.
Step 3. Configure SUP to deliver Definition Updates
Perform the following on the SCCM server as SMSadmin
In the Configuration Manager console, click Software Library, expand Software Updates and click on Automatic Deployment Rules.
In the Ribbon click on Create Automatic Deployment Rule and the wizard appears. Give the rule a suitable name like Automatic Deployment Rule for Endpoint Protection and point it to our previously created All Windows 7 Computers collection, then select to create a new software update group.
On the Deployment Settings page of the wizard select Minimal from the Detail level drop-down list, and then click Next.
This reduces State Messages returned and thus reduces Configuration Manager server load.
On the Software Updates page select Date Released or Revised.
In the Search Criteria pane, click on Value to find and select Last 1 day.
For Evaluation Schedule, click on Customize and set it to run every 1 days.
For Deployment Schedule set Time based on: UTC (if you want all clients in the hierarchy to install the latest definitions at the same time. This setting is a recommended best practice.), for software available select 1 hour to allow the Deployment to reach all Distribution Points and select As soon as possible for the installation Deadline.
For the User Visual Experience select Hide from the drop down menu.
For Alerts enable the option to generate an alert.
For download settings, as the definition updates are important, let's download them even if on slow networks.
And click your way through the rest of the Wizard till completion.
Step 4. Configure the SUP Products to Sync and Perform a Sync
Perform the following on the SCCM server as SMSadmin
Click on Administration, expand Overview and expand Site Configuration, select Sites and click on Settings in the ribbon, then click on Configure Site Components and select Software Update Point.
In the Products tab ensure that the product Forefront Endpoint Protection 2010 check box is selected.
Change the Sync Schedule to 1 days.
Click on Software Library, Software Updates, right click on All Software Updates and choose Synchronize Software Updates.
Answer Yes to the Sync.
At this point you can review the Wsyncmgr.log in CMTrace.
Now you can click on All Software Updates and you'll see our Forefront Definition Updates listed,
but if you scroll to the right you'll see nothing has been downloaded yet (because our Automatic Deployment Rule hasn't run yet since the sync).
So let's force the Automatic Deployment Rule to run now: right click on our ADR and choose Run Now.
After a few minutes look at our Definition Updates again. Notice the difference?
Step 5. Configure Custom Client Settings for Endpoint Protection
Perform the following on the SCCM server as SMSadmin
Note: Do not configure the default Endpoint Protection client settings unless you are sure that you want these applied to all computers in your hierarchy.
Below is an explanation of the Endpoint Protection settings available:
Quote
Manage Endpoint Protection client on client computers
Select True if you want to manage existing Endpoint Protection clients on computers in your hierarchy.
Select this option if you have already installed the Endpoint Protection client and want to manage it with Configuration Manager.
You should also select this option if you want to create a script to uninstall an existing antimalware solution, install the Endpoint Protection client and deploy this script using a Configuration Manager application or package and program.
Install Endpoint Protection client on client computers
Select True to install and enable the Endpoint Protection client on client computers where it is not already installed.
Automatically remove previously installed antimalware software before Endpoint Protection is installed
Select True to uninstall existing antimalware software.
Note: Endpoint Protection uninstalls the following antimalware software only:
All current Microsoft antimalware products except for Windows InTune and Microsoft Security Essentials
Symantec AntiVirus Corporate Edition version 10
Symantec Endpoint Protection version 11
Symantec Endpoint Protection Small Business Edition version 12
McAfee VirusScan Enterprise version 8
Trend Micro OfficeScan
Suppress any required computer restart after the Endpoint Protection client installed
Select True to suppress a computer restart if it is required after the Endpoint Protection client installs.
Allowed period of time users can postpone a required restart to complete the Endpoint Protection installation (hours)
Specify the number of hours that users can postpone a computer restart if this is required after the Endpoint Protection client installs.
Disable alternate sources (such as Windows Update, Microsoft Windows Server Update Services or UNC shares) for the initial definition update on client computers
Select True if you want to allow only Configuration Manager to install the initial definition update on client computers. This setting can be helpful to avoid unnecessary network connections and reduce network bandwidth during the initial installation of the definition update.
http://technet.microsoft.com/en-us/library/gg682067.aspx
In the Configuration Manager console, click Administration, click Client Settings and on the Home tab in the Create group, click Create Custom Client Device Settings.
Select Endpoint Protection and call it Custom Client Device Endpoint Protection Settings.
Click on Endpoint Protection and review the settings, then change them as follows:
Manage Endpoint Protection Client on Client Computers = True
Install Endpoint Protection Client on Client Computers = True
Automatically remove previously installed antimalware software before Endpoint Protection is installed = True
Suppress any required computer restart after the Endpoint Protection client installed = False
Allowed period of time users can postpone a required restart to complete the Endpoint Protection installation (hours) = 1
Disable alternate sources (such as Windows Update, Microsoft Windows Server Update Services or UNC shares) for the initial definition update on client computers = True
Step 6. Configure Custom Anti-Malware Policies
Perform the following on the SCCM server as SMSadmin
Note: Do not configure the default client Malware Policy unless you are sure that you want these applied to all computers in your hierarchy.
There are several pre-created Antimalware Policies available; to review or use them click on Import.
(see screenshot below)
We will create our own policy in this LAB, so in the Configuration Manager console, click Assets and Compliance, click Endpoint Protection, select Antimalware Policies. In the ribbon select Create Antimalware Policy.
Give the policy a name like Custom Endpoint Protection Antimalware Policy.
For Scheduled scans change to Daily at 12 pm (default was Saturday, 2am) and set it to check for latest definition updates before the scan and to randomize the scan start time.
For Definition Updates set the check to 2 hours and click on Set Source, then only select Updates distributed from Configuration Manager (deselect the other options).
Note: If your SCCM server has no internet access you can configure it to check for updates from UNC file shares.
Click OK, OK.
Right click our Custom Endpoint Protection Antimalware Policy and select Deploy, then choose our All Windows 7 Computers Collection as we did for the Device settings above.
That's it, we are done!
We have now created custom Client Device settings and a Custom Antimalware Policy for our All Windows 7 Computers collection. In further posts we will add some computers to that collection and verify our Endpoint Protection settings.