While the requirements of running SCCM/MEMCM in full SSL may be less required theses days with the Cloud Management Gateway being so effective with remote computers management, running the WSUS – Software Update point in SSL is likely to show up as a requirement whenever doing a security audit of your environment. In this post, we will detail the required steps, from the certificate template creation to the client validation on enabling SSL for WSUS and the SCCM Software Update Point. Requirements Any SCCM version Communication on port 8531 must be open on your Firewall Certificate template Creation The first step to enable SSL communication is to create a server certificate for your server. On the server that is running the Certification Authority, open the Certification Authority console (certsrv.mmc), right-click Certificate Templates and select Manage The Certificate Templates management console opens Right-click the Web Server template and then select Duplicate … Read More
Managing Windows 10 Endpoint Protection with SCCM 2012
Windows 10 is out since July 29th, now you want to manage Windows 10 Endpoint Protection with SCCM 2012. You have probably noticed that Windows 10 comes natively with Windows Defender. Instead of Endpoint Protection, it is now the default anti-malware managed by SCCM 2012. Actually, the Endpoint Protection agent is installed locally in Programs & Features but it’s using the Windows Defender UI with a thin layer of Endpoint Protection to manage policies and malware definitions. If you have already deployed Windows 10 in your environment, you might have encountered an issue where your Endpoint Protection policies are applied but the malware definitions are not updated. Some have found a way to work around this problem by extracting the Endpoint Protection installer and make Endpoint Protection malware definitions automatically update. Unfortunately, this TechNet article is the only official documentation but it’s mentioning only Windows 10 Technical Preview, no word about Windows 10 RTM. Might only be a matter of updating their documentation. For … Read More
How to install Software Update Point in SCCM 2012 R2
In this part of SCCM 2012 and SCCM 1511 blog series, we will describe how to install SCCM 2012 R2 or SCCM 1511 Software Update Point (SUP). Role Description The SUP integrates with Windows Server Update Services (WSUS) to provide software updates to Configuration Manager clients. This is not a mandatory Site System but your need to install a SUP if you’re planning to use SCCM as your patch management platform. SCCM 2012 SP1 (and thus R2) integrates new features to the Software Update Point that are well documented in this Technet Article. Site System Role Placement in Hierarchy This Site System is a site-wide option. It’s supported to install this role on a Central Administration Site, child Primary Site, stand-alone Primary Site and Secondary Site. When your hierarchy contains a Central Administration Site, install a SUP and synchronizes with Windows Server Update Services (WSUS) before you install a SUP at any child Primary Site. When you install … Read More