About Configuring Clients by Using Policies

Applies To: Forefront Endpoint Protection

Client configuration in Forefront Endpoint Protection can be accomplished in a variety of ways. While it is possible to configure each client by logging on locally, this is typically not practical and can be labor intensive. Additionally, it is a challenge to configure consistent settings for large numbers of clients if you attempt to configure all of the desired settings locally.

To help make client configuration consistent and reliable, Forefront Endpoint Protection provides two ways to author policies and four ways to deploy policies. You can choose a method that fits your existing environment, or you can create the environment that a method requires, based on factors such as policy merge behavior or ease of deployment.

If you are running a server operating system, you can use preconfigured policy templates that contain optimized settings. You can also use the Forefront Endpoint Protection Group Policy Tool to convert policies that are in XML format into a format that Group Policy can use, to merge existing policies into a single policy, or to export the FEP configuration settings from a Group Policy object (GPO) into a policy that can be applied to a computer or server locally or by script.

For more information about the Forefront Endpoint Protection Group Policy Tool, see Converting FEP Policies to Group Policy. For more information about preconfigured policy templates for FEP on Configuration Manager, see Creating a Policy. For more information about preconfigured policy templates for the Forefront Endpoint Protection Security Management Pack, see About Preconfigured Policy Templates.

Creating and Configuring Policies

Authoring a policy consists of creating the policy and then configuring the settings that you want to deploy to the clients that will receive it. Each authoring method produces output in a different format, and the method by which you author a policy may determine the method by which you can deploy it. The two methods available for authoring policies are Configuration Manager with Forefront Endpoint Protection installed, and the Group Policy Editor (GPEDIT) used with the FEP ADMX.

For more information about creating and configuring policies by using Configuration Manager with Forefront Endpoint Protection installed, see FEP Policies. For more information about creating policies by using the Forefront Endpoint Protection Group Policy Tool, see Using Group Policy with FEP. For more information about the policy settings that are available through the FEP ADMX, see the FEP ADMX Reference.

You can author policies by using the following methods.

Authoring method: Configuration Manager with Forefront Endpoint Protection installed

Policy can be applied by using:

  • Configuration Manager with Forefront Endpoint Protection installed.

  • Group Policy. Export the policy from Configuration Manager and then use the Forefront Endpoint Protection Group Policy Tool to import the exported FEP policy into a Group Policy object.

  • Script (exported policies).

  • FEP client installation (exported policies).

Additional information:

  • Policy settings can be exported by using Configuration Manager with Forefront Endpoint Protection installed.

  • Exported file format is XML.

  • Fewer granular policy settings are available to configure than when using GPEDIT with the FEP ADMX.

Authoring method: GPEDIT with the FEP ADMX

Policy can be applied by using:

  • Group Policy.

  • Script.

  • FEP client installation.

Additional information:

  • Policy settings can be exported by using the Forefront Endpoint Protection Group Policy Tool.

  • Exported file format is XML.

  • Granular policy settings are available with the FEP ADMX.

Deploying Policies

To apply configurations to clients, Forefront Endpoint Protection provides four ways to deploy policies. You can decide on a single way to deploy policies or use a combination of ways. For example, if you typically use Group Policy to configure and deploy policies, you might want to continue to use that method to deploy FEP policies. Or, you may prefer to use Configuration Manager to manage your FEP client settings. You might also have non-domain-joined servers that must receive policy settings. You can install policy settings locally on those servers, or install them by using a script.

Warning

It is not recommended to use both Configuration Manager and Group Policy in order to apply policy settings on the same client. Because Configuration Manager writes to the local policy of the computer, policy configurations deployed via Group Policy will take precedence over any conflicting FEP local policy settings.

You can deploy policies by using the following methods.

Policy deployment method: Configuration Manager with Forefront Endpoint Protection installed

Policy settings merge behavior: Policy merging is not available.

Policies authored by:

  • Only by Configuration Manager with Forefront Endpoint Protection installed.

Additional information:

  • Only one policy can be applied to a computer at any given time.

  • FEP policies are written to the local policy settings.

  • If FEP GPO policy settings are also applied to the same computer, any conflicting FEP GPO policy settings will take precedence over settings that are configured by FEP policy.

Policy deployment method: Group Policy

Policy settings merge behavior: Policy merging is available.

Policies authored by:

  • GPEDIT and ADMX.

  • Settings contained in FEP policy XML files can be imported by using the Forefront Endpoint Protection Group Policy Tool.

Additional information:

  • Policies merge according to Group Policy precedence order and policy filtering.

  • FEP GPO policy settings take precedence over local policy settings.

Policy deployment method: MSI install with parameter switch

Policy settings merge behavior: Policy merging is available by using the Forefront Endpoint Protection Group Policy Tool to merge settings contained in multiple policy files. The merged settings can then be exported to a single XML file.

Policies authored by:

  • The exported XML policy file from Configuration Manager with Forefront Endpoint Protection installed.

  • Preconfigured policies from the Microsoft Download Center.

  • Policy settings exported from Group Policy to an XML policy file by using the Forefront Endpoint Protection Group Policy Tool.

Additional information:

  • FEP settings are written to the local policy.

  • FEP GPO policy settings take precedence over the local policy settings.

Policy deployment method: Script

Policy settings merge behavior: Policy merging is available by using the Forefront Endpoint Protection Group Policy Tool to merge settings contained in multiple policy files. The merged settings can then be exported to a single XML file.

Policies authored by:

  • The exported XML policy file from Configuration Manager with Forefront Endpoint Protection installed.

  • Preconfigured policies from the Microsoft Download Center.

  • Policy settings exported from Group Policy to an XML policy file by using the Forefront Endpoint Protection Group Policy Tool.

Additional information:

  • FEP settings are written to the local policy.

  • FEP GPO policy settings take precedence over the local policy settings.
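
The precedence rule stated in the Warning and in the deployment methods above (FEP GPO policy settings override conflicting local policy settings) can be audited on a client. The following PowerShell is an added example, not part of the original article or of FEP. It assumes that both sets of settings are stored as registry values under two keys with the same subkey layout; the function names and the `-GpoRoot` and `-LocalRoot` parameters are hypothetical, and the key paths are left as placeholders because this article does not list them.

```powershell
# Added example (not FEP code). Assumption: GPO-delivered and locally written
# FEP settings are registry values under two keys with the same subkey layout.

function Get-PolicyValues {
    # Flatten a registry tree into a table of 'subkey\value name' -> value data.
    param([Parameter(Mandatory)][string]$Root)
    $values = @{}   # hashtable keys are case-insensitive, like registry names
    if (-not (Test-Path -LiteralPath $Root)) { return $values }
    $rootKey = Get-Item -LiteralPath $Root
    $keys = @($rootKey) +
            @(Get-ChildItem -LiteralPath $Root -Recurse -ErrorAction SilentlyContinue)
    foreach ($key in $keys) {
        $relative = $key.Name.Substring($rootKey.Name.Length).TrimStart('\')
        foreach ($name in $key.GetValueNames()) {
            $id = if ($relative) { "$relative\$name" } else { $name }
            # Join multi-string and binary data so each value compares as one string.
            $values[$id] = @($key.GetValue($name)) -join ','
        }
    }
    return $values
}

function Compare-FepPolicyPrecedence {
    # Lists every setting present in both trees with different data. For these,
    # the GPO value is the effective one and the local value is overridden.
    param(
        [Parameter(Mandatory)][string]$GpoRoot,    # key holding GPO-delivered settings
        [Parameter(Mandatory)][string]$LocalRoot   # key holding locally written settings
    )
    $gpoValues   = Get-PolicyValues -Root $GpoRoot
    $localValues = Get-PolicyValues -Root $LocalRoot
    foreach ($setting in ($gpoValues.Keys | Sort-Object)) {
        if ($localValues.ContainsKey($setting) -and
            $gpoValues[$setting] -ne $localValues[$setting]) {
            [pscustomobject]@{
                Setting        = $setting
                LocalValue     = $localValues[$setting]
                EffectiveByGpo = $gpoValues[$setting]
            }
        }
    }
}

# Usage (placeholders; supply the two key paths used in your deployment):
# Compare-FepPolicyPrecedence -GpoRoot 'HKLM:\<GPO FEP policy key>' -LocalRoot 'HKLM:\<local FEP policy key>'
```

An empty result means no setting delivered by Group Policy conflicts with the locally written policy on that client. Any rows returned are settings where the value written by Configuration Manager, the MSI install, or a script is not the one in effect.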