SCEP Definition Automatic Deployment Rule in SCCM 2012 R2
If you have setup your SCCM environment with the Microsoft product, System Centre Endpoint Protection (SCEP) and have deployed the SCEP agent to your client computers the next task you need to complete is the creation of an Automatic Deployment Rule for the antivirus updates. Automatic Deployment Rules as the name suggests, automate the deployment of updates and definitions to your environment. You can set deadlines when things should install, maintenance windows when reboots and installation should occur and also the download of Windows updates ( you can specify products you would like updates to download for and what severity ie critical, important and security) and SCEP definitions without any manual intervention.
Creating an Automatic Deployment Rule for System Centre Endpoint Protection (SCEP) definition updates in SCCM can help streamline the process of deploying and updating antivirus definitions across an organization. By automating the deployment of updates and definitions, IT administrators can save time and ensure that all client computers have the latest protection against known threats. With SCCM’s customization options, administrators can set deadlines for updates, specify maintenance windows, and even control the download of Windows updates. This ensures that updates are deployed efficiently and without any manual intervention, allowing administrators to focus on other important tasks.
Creating an Automatic Deployment Rule in SCCM 2012 R2 for SCEP Definition Deployment
Create Automatic Deployment Rule
Open your SCCM 2012 console and navigate to Software Library – Overview – Software Updates – Automatic Deployment Rules.
Right click Automatic Deployment Rules and then choose Create Automatic Deployment Rule
SCEP ADR – General Tab
Now specify a descriptive name for the Automatic Deployment Rule, a description that will easily identify what this ADR is for and then choose an appropriate template from the dropdown box (I have chosen the standard definitions updates). Then Click on Next
SCEP ADR – Deployment Settings Tab
I left the settings as default on this page as I want to automatically approve any license agreements and dont have a requirement to wake up client computers. If you want to deploy the SCEP updates after hours while your client computers are off and wish to wake them up for the client updates (this depends on if your environment has Wake On Lan capability) choose the Wake On Lan checkbox.
SCEP ADR – Software Updates Tab
Make sure that the search criteria is correct, that the Product says Forefront Endpoint Protection 2010 or Windows Defender and that the Update Classification shows Definition Updates and choose next.
SCEP ADR – Evaluation Schedule Tab
Choose how often the Software Update Point synchronises.
SCEP ADR – Deployment Schedule Tab
Now we can configure when the updates are available to be installed on client computers. In the example below, I left this as the default 1 Hour. You can choose what ever is suitable for your environment.
SCEP ADR – User Experience Tab
The following screen is where you set whether or not you will notify the users that there is a new SCEP definition update available for their machines. Most often than not, it is best to suppress these notifications from the end user as there could be multiple updates released daily. Notifying them every few hours would surely annoy them, which in turn they will annoy the Administrator.
SCEP ADR – Alerts Tab
If you have System Centre Operations Manager (Microsoft’s SCOM) you can choose whether any alerts are enabled / disabled and if required, what conditions to generate an alert
SCEP ADR – Download Settings Tab
Now we are up to the Download Settings page. Choose the option that is suitable to your environment. It is always a good idea, if you have lots of remote sites without an SCCM distribution Point available, to allow the clients to share content with other clients on the same subnet.
SCEP ADR – Deployment Package Tab
On this page, we are creating a new deployment package for the Definitions Updates. Again, it is good practice to give a descriptive name and description that is easily identifiable to others. Also, choose a source location with enough storage to store the definitions.
SCEP ADR – Distribution Points Tab
Choose which distribution points you would like the update definitions to be shared to and from. I choose the All Distribution Points as I want the updates available from everywhere in the environment.
SCEP ADR – Download Location Tab
If you are downloading the definition updates manually, you can set the location for where SCCM should look for new definitions. If not, choose Download Software Updates from the Internet and click on Next.
SCEP ADR – Language Selection Tab
Specify which languages you wish the SCEP definition update to deploy as. You can choose multiple languages as required.
SCEP ADR – Summary Tab
Review the Summary page to confirm you are happy with the settings you have chosen. Once you are satisfied with your selection, click Next.
SCEP ADR – Progress Tab
The Automatic Deployment Rule will quickly run through some checks, and once completed, click on Close.
SCEP ADR – Manual Invocation
That is all there is too it. The Automatic Deployment Rule will run with all the settings you have selected. If you ever wish to manually run the rule, right click it and choose run now.
Click on the link to see how to create an SCCM Automatic Deployment Rule for Windows Updates.
SCCM ADR for SCEP Conclusion
Creating an Automatic Deployment Rule in SCCM 2012 R2 for SCEP Definition Deployment is a straightforward process that can save administrators valuable time. Once you set up the Automatic Deployment Rule, the updates will deploy to your client computers without any manual intervention.