Remediating FEP clients with protection disabled
As some of you might have noticed, there is no tamper protection in Forefront Endpoint Protection 2010. So how do you handle this in your environment?
The problem usually arises when your users are local administrators on their PCs: with full control over the machine they can stop the Microsoft Antimalware Service, set it to Disabled, and leave the client unprotected.
There are different ways to work around this. Option 1 is a GPO that controls the Microsoft Antimalware Service (MsMpSvc) under Computer Configuration > Policies > Windows Settings > Security Settings > System Services: set the startup type to Automatic and edit the service's security so that only your real administrators (a domain group, not the local Administrators group your users sit in) hold the Start and Stop rights. Keep in mind that this raises the bar rather than closing the hole: a local administrator can still edit the service's Security key in the registry or take ownership of the service, so the GPO only helps because the security settings are reapplied on every policy refresh.
Option 2 is a Configuration Manager advertisement on a recurring schedule (or a startup script) that sets the service back to Automatic and starts it if it is stopped. Target the advertisement at the built-in FEP collection that holds the clients with protection disabled, so only the machines that actually need fixing run it.
' VBScript: put MsMpSvc back to Automatic and start it if it is stopped
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colServiceList = objWMIService.ExecQuery _
    ("Select * from Win32_Service where Name = 'MsMpSvc'")
For Each objService in colServiceList
    errReturnCode = objService.ChangeStartMode("Automatic")
    Wscript.Sleep 5000
    ' StartService returns 10 when the service is already running; only start it when it is not
    If objService.State <> "Running" Then
        errReturnCode = objService.StartService()
    End If
Next
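As an added example (not code from the original post, and not FEP's own tooling), here is a PowerShell version that combines both options in one remediation script you could run from the advertisement: it puts MsMpSvc back to Automatic, resets the service DACL so that only SYSTEM and Domain Admins can start and stop it, starts the service if it is stopped, and logs what it changed with a non-zero exit code on failure so ConfigMgr reporting shows it. It assumes it runs elevated (SYSTEM) on a domain-joined client; the log path and the SDDL string are my assumptions and should be checked against your environment.

```powershell
# Added example, not code from the original post. Assumes PowerShell 2.0 or
# later, FEP 2010 installed, the script running elevated (SYSTEM under a
# ConfigMgr advertisement or a startup script) and a domain-joined client so
# the "DA" (Domain Admins) SDDL alias resolves.
# The SDDL is a constructed example of "only real administrators may Start/Stop":
# SYSTEM and Domain Admins get full control (includes RP = start, WP = stop),
# local Administrators (BA) and Authenticated Users (AU) can only query.
# Adjust the groups to your environment and verify with: sc.exe sdshow MsMpSvc

$ServiceName    = 'MsMpSvc'
$LogFile        = Join-Path $env:windir 'Temp\FepRemediate.log'   # assumed log location
$LockedDownSddl = 'D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)' +
                  '(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;DA)' +
                  '(A;;CCLCSWLOCRRC;;;BA)' +
                  '(A;;CCLCSWLOCRRC;;;AU)'

function Write-Log {
    param([string]$Message)
    $line = '{0:yyyy-MM-dd HH:mm:ss} {1}' -f (Get-Date), $Message
    Add-Content -Path $LogFile -Value $line
    Write-Host $line
}

function Get-ServiceSddl {
    param([string]$Name)
    # sc.exe sdshow prints a blank line followed by the descriptor; keep the D: line only
    $out = & sc.exe sdshow $Name 2>&1 | Where-Object { $_ -match '^D:' }
    if ($out) { return ([string]$out).Trim() }
    return $null
}

function Get-AntimalwareServiceStatus {
    param([string]$Name = $ServiceName)
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$Name'"
    if (-not $svc) { return $null }
    New-Object PSObject -Property @{
        Name      = $svc.Name
        StartMode = $svc.StartMode   # 'Auto', 'Manual' or 'Disabled'
        State     = $svc.State       # 'Running', 'Stopped', ...
        Sddl      = Get-ServiceSddl -Name $Name
    }
}

function Repair-AntimalwareService {
    param([string]$Name = $ServiceName, [string]$Sddl = $LockedDownSddl)
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$Name'"
    if (-not $svc) {
        Write-Log "$Name is not installed; the FEP client itself is missing, nothing to remediate here"
        return 1
    }
    $exit = 0

    # Option 2, step 1: a user who set the service to Disabled or Manual gets it back to Automatic
    if ($svc.StartMode -ne 'Auto') {
        $r = $svc.ChangeStartMode('Automatic')
        if ($r.ReturnValue -eq 0) { Write-Log "StartMode $($svc.StartMode) -> Auto" }
        else { Write-Log "ChangeStartMode failed with return code $($r.ReturnValue)"; $exit = 2 }
    }

    # Option 1: take Start/Stop away from local administrators via the service DACL
    if ((Get-ServiceSddl -Name $Name) -ne $Sddl) {
        $out = & sc.exe sdset $Name $Sddl 2>&1
        if ($LASTEXITCODE -eq 0) { Write-Log 'Service DACL reset to the locked-down SDDL' }
        else { Write-Log "sc.exe sdset failed: $out"; $exit = 3 }
    }

    # Option 2, step 2: start the service if it is not running (10 = already running)
    if ($svc.State -ne 'Running') {
        $r = $svc.StartService()
        if ($r.ReturnValue -eq 0 -or $r.ReturnValue -eq 10) { Write-Log "State $($svc.State) -> Running" }
        else { Write-Log "StartService failed with return code $($r.ReturnValue)"; $exit = 4 }
    }

    Write-Log "Done, exit code $exit"
    return $exit
}

exit (Repair-AntimalwareService)
```

Package it as a ConfigMgr program that runs whether or not a user is logged on, with administrative rights, on a recurring schedule; the non-zero exit codes make a failed remediation visible in the advertisement status instead of silently retrying. Run `Get-AntimalwareServiceStatus` interactively before and after to see the start mode, state and SDDL the script is enforcing.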