How can I install the System Center Endpoint Protection client manually on master image?

Hello,

I want to install EndPoint Protection 2012 on our master image for imaging purposes. Now, here is a tricky scenario. We will use one master image for domain and non-domain computers. I want to install EndPoint protection client on the master image in a way that if I deploy it on non-domain computers, it should look for internet in regards to updates, but if I deploy it on a domain machine, it should look for our SCCM 2012 SP1 server.

Is this possible?
TAMUQITSAsked:
Who is Participating?
 
Helao MwapangashaConnect With a Mentor Data Centre: Server EngineerCommented:
Hi TAMUQITS

It is possible, you can download the ISO for FEP from MS volume licensing center, install it as a stand alone. This will mean that if a box is not on  the domain and it get the base image deployed to it, it can source updates for FEP from MS update. If a box get the gold image deployed to it and it is on the domain, Group policy and SCCM client settings should take over the behavior of FEP.

I would deploy two boxes and test, one on the domain and the other as standalone using the same Gold image.

http://www.css-security.com/blog/how-to-perform-a-manual-fep-client-installation/
http://blogs.msdn.com/b/minfangl/archive/2011/11/15/manage-fep-agents-with-or-without-sccm.aspx
0
 
TAMUQITSAuthor Commented:
Hi  Helao,

Thank you for your reply. In fact, I want to clarify a couple of things. First, we got SCCM 2012 SP1 with EndPoint Protection license; so, FEP is no more. Now it is called System Center EndPoint Protection (SCEP) which is integrated in SCCM 2012 itself.

I have already seen the first link that you shared. But my question is if I deployed the same master image (where SCEP client is installed manually) to domain computer, will it start pulling policy from our SCCM 2012 server.
0
 
Helao MwapangashaData Centre: Server EngineerCommented:
Hi TAMUQITS

Thanks for the clarification. In my experience it should be able to, because as long as it is in a OU that is part of SCCM discovery and you have set the option to auto deploy the SCCM agent to new discovered computers, the SCCM policies should apply to SCEP
0
All Courses

From novice to tech pro — start learning today.