System Center Endpoint Protection *Standalone*

I am about to distribute SCEP to users who are not being managed by our SCCM infra, but we need to provide them antimalware software. One thing I noticed is as soon as I install SCEP on a machine, All settings are grayed out so users can change the settings.
On settings page of SCEP, it says 'For your protection, some settings are managed by your security administrator"

How can I unlock the settings so that users can have full control to the settings or is it how SCEP work, supposed to be managed by SCCM?
Sungpill HanAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David Johnson, CD, MVPOwnerCommented:
SSEP is part of System Center Configuration Manager so it is managed by SCCM
0
Sungpill HanAuthor Commented:
So do you mean if SCEP is installed without SCCM, it won't be able to be modified by users and there's no workaround to unlock settings?
0
David Johnson, CD, MVPOwnerCommented:
correct scepm is a MANAGED endpoint protection, otherwise just stick with windows defender
0
Challenges in Government Cyber Security

Has cyber security been a challenge in your government organization? Are you looking to improve your government's network security? Learn more about how to improve your government organization's security by viewing our on-demand webinar!

Sungpill HanAuthor Commented:
When I create a custom Anti-malware policy allowing user to modify settings and export as a xml file then use it with scepinstall exe, it unlocks settings 60 mins after installation.

I  did only one test, will share after more testing.

Since Windows 8, Windows defender is built-in and free for large business. So licensing term " Microsoft security essentials is free up to 10 clients' is maybe outdated. If it is maybe I can install MSE instead. I will check this licensing issue with MS, but if you already know please share.
0
McKnifeCommented:
" 'Microsoft security essentials is free up to 10 clients' is maybe outdated" - no. MSE is a different product than windows defender. MSE is for win7 and is the sister product/predecessor of windows defender. With win8 and 10, you can use defender in the enterprise on as many as you like. If you have win7, only 10 instances may use MSE.
0
Sungpill HanAuthor Commented:
I already know the part . Have you contacted and confirmed the licensing term is still valid after win8 was released with Windows defender?
0
McKnifeCommented:
What was unclear about what I wrote? The restriction "10" is for MSE, a downloadable program for win7. It does not apply to defender, which is built-in. With defender, there are no restrictions.
0
Sungpill HanAuthor Commented:
Everything clear, your comment just didn't help much. That's all about.
0
McKnifeCommented:
Please explain what you desire. In clear words.
It was my impression that you needed confirmation if you could use defender/MSE legally network wide. Defender: yes, MSE: not moore than ten. If the licensing terms for MSE had changed? No.
0
Sungpill HanAuthor Commented:
I was able to unlock the grayed out setting options using XML Policy file.
1. Create a AntiMalware policy in SCCM with allowing everything to users
2. Export the policy as XML
3. Modify the XML policy file as you like. ex) Change ScheduleDay from 6 (Friday) to 1 (Monday) and change ScheduleTime from 600 (10AM) to 540 (9AM). For complete list of parameter and values, please refer to https://technet.microsoft.com/en-us/library/bb418783.aspx?f=255&MSPPError=-2147217396
4. SCEPInstall.exe /policy C:\<path to files>\ep_defaultpolicy.xml

For licensing issue, I confirmed that as long as you have enough client license for SCCM, it's OK to install.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Sungpill HanAuthor Commented:
No one suggested solution to unlock settings of SCEP standalone
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software

From novice to tech pro — start learning today.