If you have setup your SCCM environment with the Microsoft product, System Centre Endpoint Protection (SCEP) and have deployed the SCEP agent to your client computers the next task you need to complete is the creation of an Automatic Deployment Rule for the antivirus updates. Automatic Deployment Rules as the name suggests, automate the deployment of updates and definitions to your environment. You can set deadlines when things should install, maintenance windows when reboots and installation should occur and also the download of Windows updates ( you can specify products you would like updates to download for and what severity ie critical, important and security) and SCEP definitions without any manual intervention.
Open your SCCM 2012 console and navigate to Software Library – Overview – Software Updates – Automatic Deployment Rules.
Right click Automatic Deployment Rules and then choose Create Automatic Deployment Rule
Now specify a descriptive name for the Automatic Deployment Rule, a description that will easily identify what this ADR is for and then choose an appropriate template from the dropdown box (I have chosen the standard definitions updates). Then Click on Next
I left the settings as default on this page as I want to automatically approve any license agreements and dont have a requirement to wake up client computers. If you want to deploy the SCEP updates after hours while your client computers are off and wish to wake them up for the client updates (this depends on if your environment has Wake On Lan capability) choose the Wake On Lan checkbox.
Make sure that the search criteria is correct, that the Product says Forefront Endpoint Protection 2010 or Windows Defender and that the Update Classification shows Definition Updates and choose next.
Choose how often the Software Update Point synchronises.
Now we can configure when the updates are available to be installed on client computers. In the example below, I left this as the default 1 Hour. You can choose what ever is suitable for your environment.
The following screen is where you set whether or not you will notify the users that there is a new SCEP definition update available for their machines. Most often than not, it is best to suppress these notifications from the end user as there could be multiple updates released daily. Notifying them every few hours would surely annoy them, which in turn they will annoy the Administrator.
If you have System Centre Operations Manager (Microsoft’s SCOM) you can choose whether any alerts are enabled / disabled and if required, what conditions to generate an alert
Now we are up to the Download Settings page. Choose the option that is suitable to your environment. It is always a good idea, if you have lots of remote sites without an SCCM distribution Point available, to allow the clients to share content with other clients on the same subnet.
On this page, we are creating a new deployment package for the Definitions Updates. Again, it is good practice to give a descriptive name and description that is easily identifiable to others. Also, choose a source location with enough storage to store the definitions.
Choose which distribution points you would like the update definitions to be shared to and from. I choose the All Distribution Points as I want the updates available from everywhere in the environment.
If you are downloading the definition updates manually, you can set the location for where SCCM should look for new definitions. If not, choose Download Software Updates from the Internet and click on Next.
Specify which languages you wish the SCEP definition update to deploy as. You can choose multiple languages as required.
Review the Summary page to confirm you are happy with the settings you have chosen. Once you are satisfied with your selection, click Next.
The Automatic Deployment Rule will quickly run through some checks, and once completed, click on Close.
That is all there is too it. The Automatic Deployment Rule will run with all the settings you have selected. If you ever wish to manually run the rule, right click it and choose run now.
Click on the link to see how to create an SCCM Automatic Deployment Rule for Windows Updates.