Converting FEP Policies to Group Policy

Applies To: Forefront Endpoint Protection

You can convert policy settings contained in configured FEP policies to the format that is used by Group Policy. In order to convert policies, you must first download and install the Forefront Endpoint Protection Group Policy Tool. This tool can be obtained from the Microsoft Download Center (https://go.microsoft.com/fwlink/?LinkId=207729) as part of the FEP 2010 Group Policy Tools download package. The package also contains ADMX and ADML files. Although these files are not required in order to use the Forefront Endpoint Protection Group Policy Tool, they are required in order to view or edit the GPO policy settings. For more information about viewing and editing policy settings, see Configuring and Viewing FEP Group Policy Settings. For information about merging policy settings by using the Forefront Endpoint Protection Group Policy Tool, see Merging Settings from Multiple Policy Files.

To extract and install the Forefront Endpoint Protection Group Policy Tool

  1. Obtain the Forefront Endpoint Protection Group Policy Tool. This tool can be obtained from the Microsoft Download Center (https://go.microsoft.com/fwlink/?LinkId=207729). Copy it to your local computer.

  2. Double-click fep2010grouppolicytools.exe to extract the files from the package.

    The Forefront Endpoint Protection Group Policy Tools package includes the following files:

    • fep2010.adml

    • fep2010.admx

    • fep2010gptool.exe

  3. Locate and double-click fep2010gptool.exe to open the Forefront Endpoint Protection Group Policy Tool.

To convert FEP policy settings to Group Policy

  1. Locate and double-click fep2010gptool.exe to open the Forefront Endpoint Protection Group Policy Tool.

  2. On the Import tab, select the Domain and the name of the GPO in that domain that you want to populate with preconfigured FEP 2010 policy settings.

  3. Click Select Policy File. Locate and select the .xml policy file that contains the settings that you want to import to the GPO.

  4. Verify that the Clear existing Forefront Endpoint Protection settings before import check box is selected, and then click OK to import the settings.

    You can then edit and view the policy settings by using gpedit.msc. For more information about viewing and editing policy settings, see Configuring and Viewing FEP Group Policy Settings.

    Warning

    Selecting the Clear existing Forefront Endpoint Protection settings before import check box will remove all FEP settings contained in the selected GPO and replace them with the imported FEP policy settings. If you do not want to clear all of the existing FEP policy settings from the GPO, do not select this check box.

To add ADMX and ADML files locally in order to view or edit policy settings

  1. Navigate to the location where you extracted the ADMX and ADML files in the previous procedure.

  2. Copy the ADMX file to the %systemroot%\PolicyDefinitions\ folder.

  3. Copy the ADML file to the %systemroot%\PolicyDefinitions\ language folder: for example, en-US.

    Note

    You must restart the Group Policy Object Editor after performing the preceding steps.

    For more information about editing GPOs by using ADMX files, see Editing the Local GPO Using ADMX files (https://go.microsoft.com/fwlink/?LinkId=203368). For more information about editing domain-based GPOs by using ADMX files, see Editing Domain-Based GPOs Using ADMX files (https://go.microsoft.com/fwlink/?LinkId=203369).