Friday, September 21, 2012 6:03 PM
we have a weired scenario.
we have 100 + servres with fep client installed and they all are out dated with definitons.
we dont have sccm/scom and internet set due to restrictions so it cannot take any updates directly from microsoft update.
all i can think is to downlowd the definition update and deploy and create software package in gpo and push.
but the defnintions are exe format and gpo suppots only msi and also it has only two options assigned and publish but i want the updates to be installed directly .. and suggestions like how to install the defintions update via a simple GPO when user login in to server,.
we cannot use any template here due to restriction..
Friday, September 21, 2012 9:53 PMYes it's possible by GPO. You have to download FEP2010grouppolicytools http://www.microsoft.com/en-us/download/details.aspx?displaylang=en&id=13088 then you can use it for SCEP 2012 http://blogs.technet.com/b/configmgrteam/archive/2012/02/10/forefront-endpoint-protection-2010-group-policy-tool-is-unable-to-import-policy-files-exported-from-system-center-2012-endpoint-protection.aspx
- Marked As Answer by Rick TanModerator Friday, September 28, 2012 8:55 AM
Monday, September 24, 2012 8:22 AM
Hi Amig@. You could deploy the definition updates via WSUS (I think it is the best option) or put them into a shared folder. Just configure the client to use that sources (and that can be done through GPO)
The main difference between WSUS and Shared folder is that WSUS will do the job for you whilst the shared folder must be manually updated. Take a look at http://technet.microsoft.com/en-us/library/gg398041.aspx and http://blogs.technet.com/b/clientsecurity/archive/2010/09/16/using-a-script-to-automate-unc-definition-updates.aspx
// Raúl - I love this game
- Marked As Answer by Rick TanModerator Friday, September 28, 2012 8:54 AM