A *machine policy update* will change the policy if the collection(s) it's
in are targeted with antimalware policy.


On Mon, Oct 7, 2013 at 7:27 PM, Mote, Todd <[email protected]> wrote:

> Yea, I’ve been to the console place, the trouble is the date there for
> last update is sometime in June, and the same policies applied in the
> Endpoint Protection | Policies node all list 10/1 as the last update date.
> I need the two to match, I would think.  The registry is a good nugget, and
> it has the policy as applying fine and last, but there’s no date there, so
> because I didn’t change the name, only the contents of the policy, the
> registry looks like it should I think.
>
> I guess my question is what mechanism delivers the policies?  CCM client
> policy update?  Windows Update?  I mean I can use notifications to start
> scans or download definitions, but how does it get updated policy?  And
> where does it store the stuff in the policy, like definition update
> location and/or the order?  Or are we not meant to see any of that for
> security reasons?
>
> *From:* [email protected] [mailto:
> [email protected]] *On Behalf Of *Niall Brady
> *Sent:* Monday, October 7, 2013 12:06 PM
> *To:* [email protected]
> *Subject:* Re: [mssms] RE: SCEP 2012 policy reset/force download
>
> You probably know this already, but you can see what policies are applied
> to the client in the console here (policies applied)
>
> or via the registry (last applied policy)
>
> On Mon, Oct 7, 2013 at 6:21 PM, Lutz, Ken <[email protected]> wrote:
>
> You can also run the ConfigSecurityPolicy.exe with the full path and name
> of your xml policy file to apply a policy.
> But you may have already known that…
>
> *Thanks,*
>
> *Ken …*
>
> *From:* [email protected] [mailto:
> [email protected]] *On Behalf Of *
> [email protected]
> *Sent:* Monday, October 07, 2013 9:15 AM
> *To:* [email protected]
> *Subject:* [mssms] RE: SCEP 2012 policy reset/force download
>
> I wish I had an easier way.
>
> It wasn’t a use case I got to test during the SP1 TAP though, maybe
> someone else will respond.
>
> Specifying the policy file, you can even install on machines without the
> configmgr agent on them, you just can’t manage it without the configmgr
> agent being present.
>
> *Christopher Catlett*
>
> Consultant | Detroit
>
> *Sogeti USA*
>
> Office 248-876-9738 | Fax 877.406.9647
>
> 26957 Northwestern Highway, Suite 130, Southfield, MI 48033-8456
>
> www.us.sogeti.com
>
> *From:* [email protected] [
> mailto:[email protected] <[email protected]>] *On
> Behalf Of *Mote, Todd
> *Sent:* Monday, October 07, 2013 11:53 AM
> *To:* [email protected]
> *Subject:* [mssms] RE: SCEP 2012 policy reset/force download
>
> Yea, thought I would end up there, just didn’t know if there was something
> to be done as an in-between, like renaming a folder and restarting services
> or something.
>
> I hadn’t considered applying the policy explicitly though, so thanks for
> that.
>
> Todd
>
> *From:* [email protected] [
> mailto:[email protected] <[email protected]>] *On
> Behalf Of *[email protected]
> *Sent:* Monday, October 7, 2013 10:16 AM
> *To:* [email protected]
> *Subject:* [mssms] RE: SCEP 2012 policy reset/force download
>
> Worst case you can uninstall scep and repush it.
>
> I would export the policy you want it to have, then run the below, to
> reinstall scep over itself.
>
> SCEPInstall.exe /policy <policy_path_and_name>.xml
>
> *Christopher Catlett*
>
> *From:* [email protected] [
> mailto:[email protected] <[email protected]>] *On
> Behalf Of *Mote, Todd
> *Sent:* Monday, October 07, 2013 9:51 AM
> *To:* '[email protected]'
> *Subject:* [mssms] SCEP 2012 policy reset/force download
>
> I have a client that is not getting/downloading a changed SCEP policy.
> How do you force it to redownload and apply the new one?  Everything else
> seems to be working fine.  The clue that it’s not getting the right one,
> because I can’t look to see the name of the policy anymore since SP1, is
> that the old definition update location lists windows update erroneously,
> and windowsupdate.log keeps trying to get to windows update to update
> definitions.  This client was getting the wrong delivery location from the
> policy that was applied to it, and I’ve fixed that, but now the client
> won’t get the new policy and still tries to get to windows update.  The
> client is on RFC 1918 space and can’t reach windows update.
>
> How can I look at the combined policy or remove and initiate a new
> download?
>
> Todd


