When a client is installed with System Center Endpoint Protection, user can uninstall SCEP if the user had admin right to the local machine. How to block uninstallation of SCEP? This is Microsoft product so as i guess, if the user has admin right, he can do whatever he wants. Is there a way to block even the admin to uninstall SCEP?
And once SCEP is uninstalled, the client doesn't receive reinstallation for SCEP. It just remains unprotected. Why does SCCM not reevaluate the applied Client Settings and reinstall SCEP? And the status for SCEP is still 'managed' for 2 hours in CAS server.