![]() In the anti-malware policy, all update sources are selected but the primary source is Configuration Manager. I created a automatic deployment rule to download "Forefront Endpoint Protection 2010" "Definition Updates" every 8 hours to a new UNC network share that is readable by "everyone" and set: "automatically deploy all software updates found by this rule, and approve any license agreements." I selected "run the rule after any software update point synchronization." I set the Software Update scan schedule to every 8 hours. I also created a custom client device setting to install SCEP and check for updates every 8 hours. I created a custom anti-malware policy and deployed it to my pilot group. WSUS 3.0 is also installed on the SCEP host, but no machines are pointed to it. I have a separate WSUS machine set up that is working well, so I haven't touched it. All roles are installed on a single SCCM machine, except the SQL server piece. ![]() I believe that they are receiving the updates from Microsoft Update/Windows, not from my SCCM machine, although I am not sure how to verify. ![]() They seem to go about 1 week without updates, and then they update themselves. This is a smallish install of about 250 machines.Ĭlient deployment is going well, but I can't get my clients to receive the definitions updates. We are switching to SCEP from Symantec Endpoint Protection. As a general rule, if someone has flair, they almost definitely know what they're talking about.
0 Comments
Leave a Reply. |