System Center Endpoint Protection *Standalone*

I am about to distribute SCEP to users who are not being managed by our SCCM infra, but we need to provide them with antimalware software. One thing I noticed is that as soon as I install SCEP on a machine, all settings are grayed out so users can change the settings.
On the settings page of SCEP, it says "For your protection, some settings are managed by your security administrator".

How can I unlock the settings so that users can have full control of the settings, or is this how SCEP works, supposed to be managed by SCCM?
Sungpill Han asked:
 
Sungpill Han (Author) commented:
I was able to unlock the grayed-out setting options using an XML policy file.
1. Create an AntiMalware policy in SCCM that allows everything to users
2. Export the policy as XML
3. Modify the XML policy file as you like, e.g. change ScheduleDay from 6 (Friday) to 1 (Monday) and change ScheduleTime from 600 (10AM) to 540 (9AM). For the complete list of parameters and values, please refer to https://technet.microsoft.com/en-us/library/bb418783.aspx?f=255&MSPPError=-2147217396
4. SCEPInstall.exe /policy C:\<path to files>\ep_defaultpolicy.xml

For the licensing issue, I confirmed that as long as you have enough client licenses for SCCM, it's OK to install.
 
David Johnson, CD, MVP (Owner) commented:
SCEP is part of System Center Configuration Manager, so it is managed by SCCM.
 
Sungpill Han (Author) commented:
So do you mean if SCEP is installed without SCCM, it won't be able to be modified by users and there's no workaround to unlock settings?
 
David Johnson, CD, MVP (Owner) commented:
Correct, SCEP is a MANAGED endpoint protection; otherwise just stick with Windows Defender.
 
Sungpill Han (Author) commented:
When I create a custom anti-malware policy allowing users to modify settings, export it as an XML file and then use it with SCEPInstall.exe, it unlocks the settings 60 mins after installation.

I did only one test; I will share more after further testing.

Since Windows 8, Windows Defender is built-in and free for large businesses. So the licensing term "Microsoft Security Essentials is free up to 10 clients" is maybe outdated. If it is, maybe I can install MSE instead. I will check this licensing issue with MS, but if you already know, please share.
 
McKnife commented:
"'Microsoft Security Essentials is free up to 10 clients' is maybe outdated" - no. MSE is a different product than Windows Defender. MSE is for Win7 and is the sister product/predecessor of Windows Defender. With Win8 and 10, you can use Defender in the enterprise on as many as you like. If you have Win7, only 10 instances may use MSE.
 
Sungpill Han (Author) commented:
I already know that part. Have you contacted them and confirmed the licensing term is still valid after Win8 was released with Windows Defender?
 
McKnife commented:
What was unclear about what I wrote? The restriction "10" is for MSE, a downloadable program for win7. It does not apply to defender, which is built-in. With defender, there are no restrictions.
 
Sungpill Han (Author) commented:
Everything is clear; your comment just didn't help much. That's all.
 
McKnife commented:
Please explain what you desire. In clear words.
It was my impression that you needed confirmation of whether you could use Defender/MSE legally network wide. Defender: yes, MSE: not more than ten. If the licensing terms for MSE had changed? No.
 
Sungpill Han (Author) commented:
No one suggested a solution to unlock the settings of SCEP standalone.

Question has a verified solution.