Monday, May 21, 2012 2:08 PM
I'm currently testing a fep rollout and I'm having issues getting the initial signature updates to work via sccm. I have a sccm software updates package for FEP. I use the softwareupdateautomation.exe tool to update this package and the deployment managent. The package is distributed to all our DPs. So what I want to do now is using the sccm updates deployment method to do the initial installation of the signatures.
But after I run the FEP installation, the clients try to download via WSUS or MS Update.
The FEP policy is set via gpo, I use the following updates fallback order: InternalDefinitionUpdateServer|MicrosoftUpdateServer|MMPC
I don't have WSUS server's in all my countries and I don't want the initial signature updates to cross my WAN connections.
How do you guys do it?
Monday, May 21, 2012 3:42 PM
Check out this thread:
- Marked As Answer by Sebastian Bammer Tuesday, May 22, 2012 9:49 AM
Tuesday, May 22, 2012 9:49 AM
thank's for the answer, I solved it as follows:
Created a task sequence that
- sets the "HKLM\Software\Polcies\Microsoft\Microsoft Antimalware\Signature Updates\FallbackOrder" to FileShares
- sets the "HKLM\Software\policies\Microsoft\Microsoft Antimalware\Signature Updates\DefinitionUpdateFileSharesSources" to a non existing share (\\localhost\null)
(My actual forefront settings get rolled out via gpo so they will be changed to a working config at the next gpo update.)
- installs FEP
- installs the initial definitions with the current mpam-fe.exe/mpam-fex64.exe
- runs a hardware inventory cycle (I have a collection that is based on fep being installed. This collection is the target for a deployment managemend that installs all new fep definitions).
- Marked As Answer by Rick TanModerator Wednesday, May 23, 2012 9:19 AM