Block uninstallation of SCCM Endpoint Protection(SCEP)

When a client is installed with System Center Endpoint Protection, user can uninstall SCEP if the user had admin right to the local machine. How to block uninstallation of SCEP?  This is Microsoft product so as i guess, if the user has admin right, he can do whatever he wants. Is there a way to block even the admin to uninstall SCEP?

And once SCEP is uninstalled, the client doesn't receive reinstallation for SCEP. It just remains unprotected. Why does SCCM not reevaluate the applied Client Settings and reinstall SCEP? And the status for SCEP is still 'managed' for 2 hours in CAS server.
Sungpill HanAsked:
Who is Participating?
 
RobertConnect With a Mentor System AdminCommented:
If the user is an admin there is no way to block the uninstall that I am aware of.

You could hide it from the programs and features list so the user would need to know how to uninstall it via command line.
REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
locate system center install and set the systemcomponent dword value to 1 and it should hide from list.

If the value does not exist create it.

i.e. for my machine (windows 10)
REG ADD “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Security Client” /v SystemComponent /t REG_DWORD /d 1 /f

Open in new window

0
 
RobertSystem AdminCommented:
It should reevaluate the policy. check your client settings policy and under endpoint protection check that "Allow endpoint protection client installation and restarts outside maintenance window. " is set to yes. also check that the policy is applying to the machine if it is already set.
Capture.PNG
0
 
Sungpill HanAuthor Commented:
Yes and yes. But it takes 30 mins-2 hours to get it back.

I think there is no way to block uninstallation if a user has local admin rights.
0
 
Sungpill HanAuthor Commented:
Robert, thank you.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.