policy not applying to computers ot on my network when manually applied.
-
20 июня 2012 г. 16:24
I have several users who are not on our network and are not normally. When I get onto their machines to install Forefront I apply the policy at the same time, but it never takes. I end up having to go into it and adding in all of the exceptions myself. I usually do the install through the command line so I can do the policy at the same time I us this line:
fepinstall.exe /policy c:\forefront\policies\policyname
When that doesn't work I can still navigate to the security client and try the 'ConfigSecurityPolicy' command and it still doesn't apply the policy.
Is there another way to force them to accept the policy?
Mike in IT
Все ответы
-
20 июня 2012 г. 16:34
Hi,
Are there any errors recorded in the FEP logfiles? http://technet.microsoft.com/en-us/library/gg477022.aspx
Regards,
Jörgen-- My System Center blog ccmexec.com -- Twitter @ccmexec
-
20 июня 2012 г. 16:40Not that I'm aware of, but I don't have constant access to these computers to check for sure. I've done this install this way on a few problem machines on our network without this happening, it's just the computers not on our network. I've installed it on several and I have a few more to go in the next couple of days, but I don't want to have to keep typing the exceptions in every time!
Mike in IT
-
20 июня 2012 г. 17:59
As a temporary workaround, you could export the FEP exclusion settings from the registry on a known good machine and import the reg files on the problem machines. This would save you from manual entry. They will be located in one of the following areas:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Microsoft Antimalware\Exclusions
- Помечено в качестве ответа Mike in IT 25 июня 2012 г. 19:39
-
20 июня 2012 г. 18:08I don't do much with editing the registry,so if this is a dumb question I apologize. Can I export the files and send them over to them and have them import them. I mean all they would have to do is go to file in their registry editor and hit import and they would be put into the correct places? They don't have to navigate to the place where they need to go do they?
Mike in IT
-
20 июня 2012 г. 18:23
When you export from regedit, it creates a .reg file. To import it on another machine, you just have to copy the .reg file to the local system and double-click it. So yeah, the scenario you describe should work fine.
- Помечено в качестве ответа Mike in IT 25 июня 2012 г. 19:38
-
20 июня 2012 г. 18:26Thanks, I'll try it and let you know how it goes.
Mike in IT
-
22 июня 2012 г. 1:29Модератор
Hi Mike,
Thank you for the post.
Please ensure you copy fepinstall.exe to the computer local disk and run FEP install command with elevated permission.
http://technet.microsoft.com/en-us/library/gg412485.aspxTo use ConfigSecurityPolicy.exe update the policy, it need to wait for three minutes to update policy in user interface.
http://technet.microsoft.com/en-us/library/gg417152.aspxIf there are more inquiries on this issue, please feel free to let us know.
RegardsRick Tan
TechNet Community Support
- Помечено в качестве ответа Mike in IT 25 июня 2012 г. 19:38
-
25 июня 2012 г. 19:38
Okay, so I've taken care of the last of the installs without a problem. I had copied the registry keys of some of the successful installs just incase, but I ended up not needing them.
Thanks for all the help.
Mike in IT
.png)
