EMET 4.1 (Update 1) - GPO Settings

  • Question

  • We have successfully deployed EMET 4.1 Update 1 via SCCM and now I am controlling EMET settings with GPO using the EMET GPO templates from the Deployment folder. However, after group policy is set, you have to use the command "emet_conf.exe --refresh" to update EMET mitigation settings on each machine. Until and unless you do this on each machine, the processes aren't protected. Also, every time one makes any changes to the GPO setting, the "emet_conf.exe --refresh" command has to be run on 100s of machines in our environment. Is there any other way for it to take effect without touching a machine besides having a scheduled task etc. as mentioned in the guide? You'd imagine once you set it in group policy, doing "gpupdate /force" or during the next time when group policy is applied, the settings should take effect... else what would be the point of using group policy to control these settings? Any input is greatly appreciated.

    Friday, May 30, 2014 8:39 PM

All replies

  • In the same GPO, you can create a shutdown script that runs emet_conf.exe --refresh.  That way when the system is rebooted it gets the group policy applied that is already pushed out.  I'm not aware of the reason for this either.
    Monday, June 23, 2014 6:57 PM
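
The shutdown-script approach from the reply above, sketched as an added example that is not part of the original thread. It assumes EMET 4.1 sits in its default install folder, and the log file path is a hypothetical choice so you can confirm on each machine that the refresh actually ran.

```powershell
# Added example: GPO computer shutdown (or startup) script that re-applies
# EMET settings from policy. Runs as SYSTEM when assigned under
# Computer Configuration > Windows Settings > Scripts.

# Assumption: default EMET 4.1 install folder; adjust if deployed elsewhere.
$roots = @(${env:ProgramFiles(x86)}, $env:ProgramFiles) | Where-Object { $_ }
$emetConf = $roots |
    ForEach-Object { Join-Path $_ 'EMET 4.1\EMET_Conf.exe' } |
    Where-Object { Test-Path $_ } |
    Select-Object -First 1

# Hypothetical log location, used only to verify the refresh ran.
$log = Join-Path $env:SystemRoot 'Temp\emet-refresh.log'
function Write-Log($msg) {
    Add-Content -Path $log -Value ("{0} {1}" -f (Get-Date -Format s), $msg)
}

if (-not $emetConf) {
    # Do not fail the shutdown on machines where EMET is not installed.
    Write-Log 'EMET_Conf.exe not found; nothing refreshed'
    exit 0
}

# Same command the thread discusses; capture its output for the log.
$output = & $emetConf --refresh 2>&1
Write-Log ("ran '{0} --refresh', exit code {1}" -f $emetConf, $LASTEXITCODE)
$output | ForEach-Object { Write-Log "  $_" }
```

Machines that have not restarted or shut down since the policy change keep their old mitigation settings, so check the log timestamp against the GPO edit time before assuming a process is protected.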