To be performed by SCCM Administrators and security team
This section provides details on the steps necessary to install the SCEP Client Agent on an end user computing device. There are 2 options to install the SCEP Agent:
- As part of the Task Sequence / Image Install
- Automated fashion using SCCM Client Agent Settings
SCEP can be deployed using a Task Sequence for all end user computing devices using a command to install the SCEP agent.
The application should have a deployment type with the following command:
Scepinstall.exe /s /q
Refer to the following link for more details on how to deploy SCEP using command line:
http://technet.microsoft.com/en-us/library/gg412485.aspx
Deploy SCEP using SCCM Client Agent
SCEP can also be deployed automatically using SCCM Client Agent policies.
Open Administration -> Client Settings in SCCM 2012 and create a new policy for End Point Protection.
It is good practice to create a separate policy for Endpoint Protection rather than changing the default client settings, because you can deploy the customized policy to a handful of computers and confirm it works as desired before the production rollout.
Set the "Manage Endpoint Protection client on client computers" setting to True. Setting this value to True pushes the SCEP client to any client that has a healthy SCCM client agent. You can manage the scope of the SCEP installation by deploying the policy to a collection with a restricted set of computers.
The best practice settings are as follows:
| Client Settings | Values |
| --- | --- |
| Manage Endpoint Protection client on client computers | True |
| Install Endpoint Protection client on client computers | True |
| Automatically remove previously installed antimalware software before Endpoint Protection is installed | False |
| Suppress any required computer restarts after the Endpoint Protection client is installed | False |
| Allowed period of time users can postpone a required restart to complete the Endpoint Protection installation (hours) | 24 hours (default) |
| Disable alternate sources (such as Windows Update, Microsoft Windows Server Update Services or UNC shares) for the initial definition update on client computers | True |
Refer to the following link for a description of each setting:
http://technet.microsoft.com/en-us/library/hh508770.aspx
With the following settings in place:
- SCEP will be installed on any end user computing device that has the SCCM client installed.
- The command that SCCM uses for the SCEP client installation is "C:\Windows\ccmsetup\SCEPInstall.exe" /s /q /noreplace /NoSigsUpdateAtInitialExp /policy "C:\Windows\CCM\EPAMPolicy.xml"
- Here EPAMPolicy.xml refers to the SCCM policy being pushed to the client. SCCM policy will be covered in the subsequent section.
- The EndpointProtectionAgentLog file shows the following entries:
  - Endpoint Protection is triggered by a WMI notification
  - It runs the command line "SCEPInstall.exe"
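A post-deployment check for a single client, added here as an example and not part of the original post: it tests for the installer and policy file paths given above and for the Microsoft Security Client registry key named in the agent log message quoted in the comments below. The function name and the -LogPath parameter are assumptions; the page does not give the log's location, so pass it explicitly.

```powershell
# Added example. Paths and registry key are the ones quoted on this page;
# the function name and -LogPath are assumptions (the page gives no log location).
function Test-ScepClientState {
    [CmdletBinding()]
    param(
        [string]$InstallerPath = 'C:\Windows\ccmsetup\SCEPInstall.exe',
        [string]$PolicyPath    = 'C:\Windows\CCM\EPAMPolicy.xml',
        [string]$RegistryKey   = 'HKLM:\SOFTWARE\Microsoft\Microsoft Security Client',
        [string]$LogPath       # optional: full path to the EndpointProtectionAgent log
    )

    # Collect the agent's own "not installed" messages, if a log was supplied.
    $hits = @()
    if ($LogPath -and (Test-Path -LiteralPath $LogPath)) {
        $hits = @(Select-String -LiteralPath $LogPath -SimpleMatch `
                      -Pattern 'EP client is NOT installed')
    }

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        InstallerPresent  = Test-Path -LiteralPath $InstallerPath
        PolicyFilePresent = Test-Path -LiteralPath $PolicyPath
        # The agent queries this key; 0x80070002 in its log means it was not found.
        ClientKeyPresent  = Test-Path -LiteralPath $RegistryKey
        NotInstalledCount = $hits.Count
        LastNotInstalled  = if ($hits.Count -gt 0) { $hits[-1].Line } else { $null }
    }
}

# Run on the client being checked. A machine in the pilot collection should
# report ClientKeyPresent = True once the policy has been applied.
Test-ScepClientState | Format-List
```

A client that keeps reporting ClientKeyPresent = False together with a growing NotInstalledCount is one where the policy arrived but the install never completed, which is a coverage gap worth chasing before the production rollout.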
How can I uninstall SCEP in a similar way to how it's installed? I do not want to use Windows GPO for this uninstall.
Please help
Hi Eri,
You will have to create an uninstall package and deploy it on a collection of computers that do not need the SCEP agent.
Else, if you know the clients upfront where SCEP should not be installed, then simply exclude those clients in the collection where you enable the above mentioned client agent settings. Or you can do a hybrid of both these solutions i.e.
1) Create a collection called NOSCEP
2) Add all clients that should not have SCEP to this collection
3) Deploy the SCEPUninstall package to this collection
4) Exclude the NOSCEP collection from the client agent setting that deploys SCEP agent as mentioned above :)
Hi,
After reading your blog and setting this up in a test lab, I found a problem with the SCEP Definition Update function inside SCCM 2012. If I use the Microsoft website for the definition updates, everything works fine. Whenever I use the default SCEP policy (update order like SCCM 2012, WSUS, then the MS website), the client can't see updates from SCEP. The normal updates for the Windows OS and so on work fine.
Please help me.
It is showing this error during automatic SCEP installation:
Unable to query registry key (SOFTWARE\Microsoft\Microsoft Security Client), return (0x80070002) means EP client is NOT installed. EndpointProtectionAgent 17-07-2014 15:31:14 3688 (0x0E68)
I have the same error too [Unable to query registry key (SOFTWARE\Microsoft\Microsoft Security Client), return (0x80070002) means EP client is NOT installed.]
Everything was working fine; automatic installation of EP just stopped a few days ago. Please help me with that issue.