Configuring and Viewing FEP Group Policy Settings

Applies To: Forefront Endpoint Protection

You can view and configure Forefront Endpoint Protection settings by using the Group Policy Object Editor. Each policy setting contains parameter information specific to the feature that you want to configure. Typically you will access the Group Policy Object Editor by selecting a Group Policy object (GPO) from within the Group Policy Management Console (GPMC), and then selecting the edit action for that object. For more information about the Group Policy Object Editor, see Ways to open Group Policy Object Editor (https://go.microsoft.com/fwlink/?LinkId=203938). For information about opening the Group Policy Object Editor as an MMC snap-in, see Open Group Policy Editor as an MMC snap-in (https://go.microsoft.com/fwlink/?LinkId=203939).

To view FEP Group Policy settings

1. Open the Group Policy Object Editor and navigate to Local Computer Policy\Computer Configuration\Administrative Templates\System\Forefront Endpoint Protection 2010.

2. Expand Forefront Endpoint Protection 2010, and click the folder that contains the settings that you want to view.

   For more information about each policy setting, in the right pane, double-click the setting that you want to view in order to open the configuration dialog box and view the additional policy setting information.

   Important

   When viewing policy settings, the Group Policy Object Editor, the GPMC, and the RSoP snap-in may incorrectly indicate that some values are disabled when they are actually enabled. In order to determine whether a setting is enabled, you must open each setting individually for additional information, and then view the value. If the value is present, the setting is enabled.

To edit FEP Group Policy object settings

1. Open Group Policy Management.

2. In the console tree, double-click Group Policy Objects in the forest and domain containing the GPO that you want to edit.

3. Right-click the GPO, and then click Edit.

   Note

   You must have Edit permissions for the GPO that you want to edit.

4. In the Group Policy Object Editor console, expand Computer Configuration\Administrative Templates\System\Forefront Endpoint Protection 2010, and then click the folder that contains the settings that you want to configure.

5. In the right pane, double-click the setting that you want to configure in order to open the configuration dialog box.

6. Configure the settings that you want to deploy to computers running the FEP client software, and then click OK.

   Important

   When viewing policy settings, the Group Policy Object Editor, the GPMC, and the RSoP snap-in may incorrectly indicate that some values are disabled when they are actually enabled. In order to determine whether a setting is enabled, you must open each setting individually for additional information, and then view the value. If the value is present, the setting is enabled.

   Warning

   It is recommended that the Turn on network protection against exploits of known vulnerabilities setting not be enabled for policies assigned to servers.

7. Deploy the policy settings to computers running the FEP client software. For more information about how to deploy Group Policy, see Planning and Deploying Group Policy (https://go.microsoft.com/fwlink/?LinkId=203940).