+ Post New Thread
Results 1 to 9 of 9
How do you do....it? Thread, Anyone use System Center Endpoint Protection 2012 (or 2010)? How do you secure it? in Technical; Hi all, We are currently in the process of deploying System Center Endpoint Protection via the .exe and GPO and ...
  1. #1

    Join Date
    Sep 2008
    Posts
    132
    Thank Post
    15
    Thanked 11 Times in 8 Posts
    Rep Power
    13

    Anyone use System Center Endpoint Protection 2012 (or 2010)? How do you secure it?

    Hi all,

    We are currently in the process of deploying System Center Endpoint Protection via the .exe and GPO and we are struggling to lock the client down quickly and simply!

    Does anyone have any tips and tricks to prevent students tampering with the software? I know we can tweak settings individually in Group Policy and then these get greyed out but seems a bit of a faff putting in every possible setting when we are quite happy with the vast majority of defaults.

    Thanks
    Michael

  2. #2

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,834
    Thank Post
    875
    Thanked 1,675 Times in 1,458 Posts
    Blog Entries
    12
    Rep Power
    444
    We lock it down using SCCM. I assume you dont have that?

    You can install it with an XML answer file that will prevent this i think.

  3. #3

    sonofsanta's Avatar
    Join Date
    Dec 2009
    Location
    Lincolnshire, UK
    Posts
    4,934
    Thank Post
    861
    Thanked 1,438 Times in 988 Posts
    Blog Entries
    47
    Rep Power
    616
    SCCM2012 has Antimalware Policies under Endpoint Protection in the Assets & Compliance tab... about 5 minutes of work and works seamlessly. Didn't know you could manage SCEP without SCCM?

  4. #4

    Join Date
    Sep 2008
    Posts
    132
    Thank Post
    15
    Thanked 11 Times in 8 Posts
    Rep Power
    13
    We are licensed but have not installed yet... we are waiting until we get our new servers in the summer to go through the rather lengthy install process (or am I imagining it being worse than it actually is). I think you also need SCCM to create the XML file and, from what I believe, this will then only do the same as GP.

    Anyone got a nice way of doing this with GPO/standard windows security?

    Michael

  5. #5

    Join Date
    Sep 2008
    Posts
    132
    Thank Post
    15
    Thanked 11 Times in 8 Posts
    Rep Power
    13
    ok... couple of quick question regarding SCCM as I think that is the route we may need to go down:

    Does the install automatically create an SQL Express database and, for a school with ~300 clients is this good enough vs. full SQL.
    How much disk-space does the SCCM database take up?

  6. #6

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,834
    Thank Post
    875
    Thanked 1,675 Times in 1,458 Posts
    Blog Entries
    12
    Rep Power
    444
    Databae space is 3MB a client. It doesnt automatically create a database im not sure if it will work with express.

    Do you not have SQL already for something else?

  7. Thanks to FN-GM from:

    CyBeRkId2002 (14th November 2012)

  8. #7

    sonofsanta's Avatar
    Join Date
    Dec 2009
    Location
    Lincolnshire, UK
    Posts
    4,934
    Thank Post
    861
    Thanked 1,438 Times in 988 Posts
    Blog Entries
    47
    Rep Power
    616
    It's not too bad in all honesty - windows-noob.com will be your friend for SCCM guides: System Center 2012 Configuration Manager Guides - Configuration Manager 2012 - www.windows-noob.com

    For 450+ devices here and an installation that's about 4 months in (and has deployed all my software to clients), my SQL folder is 11Gb. The drive I use for SCCM data has 42Gb space used at the moment, but we image with Fog rather than SCCM so add some onto that if you're planning on doing imaging as well.

    Your SCCM licence usually comes with a SQL licence to install a full SQL 2008R2. You can use a remote DB on another server if necessary.

  9. Thanks to sonofsanta from:

    CyBeRkId2002 (14th November 2012)

  10. #8

    Join Date
    Sep 2008
    Posts
    132
    Thank Post
    15
    Thanked 11 Times in 8 Posts
    Rep Power
    13
    just wanted to say thanks to the pair of you for the advice... gave me the kick up the a**e i needed to get SCCM installed and after a couple of days of work (they certainly dont make it easy to install - for a Microsoft System Management tool that is running on a Microsoft Database on a Microsoft operating system the process should have been a little more seamless!) we have all of our clients updated and running SCEP!

    Thanks!

    (as a side note I have a quick question incase it is something either of you have come across... during the install process I have got our SCCM server talking to WSUS on a different server. The clients are still updating directly from the other server as that is where they are currently directed in Group Policy. Is this the recommended policy or should updates be pushed out using SCCM? If so how is Windows Update configured on the clients? Is it disabled?)

  11. #9

    sonofsanta's Avatar
    Join Date
    Dec 2009
    Location
    Lincolnshire, UK
    Posts
    4,934
    Thank Post
    861
    Thanked 1,438 Times in 988 Posts
    Blog Entries
    47
    Rep Power
    616
    Don't know what the recommendation is when WSUS is on another server, but I know you can't run it on the same server, in that instance you have to use SCCM. Bit of a different workflow to doing updates in SCCM although now I know what I'm doing with it (sort of) it's quicker to push out new updates.

    Updates are set to the FQDN of the SCCM server on the WSUS port (e.g. http://SCCM.domain.local:8530); the only update that Windows Update ever installs is the config manager client, then Software Center installs all the updates after that.

SHARE:
+ Post New Thread

Similar Threads

  1. Anyone using system center service manager help desk?
    By FN-GM in forum Enterprise Software
    Replies: 13
    Last Post: 12th December 2012, 11:34 AM
  2. Anyone use Overnet MIS block for Moodle or Remote Learner?
    By tj2419 in forum Virtual Learning Platforms
    Replies: 2
    Last Post: 27th September 2012, 12:37 PM
  3. System Center Data Protection Manager
    By ful56_uk in forum Thin Client and Virtual Machines
    Replies: 3
    Last Post: 28th March 2010, 06:57 PM
  4. Exchange or Zimbra - What do you use?
    By jack0w in forum Internet Related/Filtering/Firewall
    Replies: 21
    Last Post: 16th February 2010, 10:51 PM
  5. Replies: 6
    Last Post: 20th March 2007, 09:19 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •