Sunday, January 10, 2010

Administrative template for Microsoft Security Essentials

Microsoft Security Essentials market

Small and very small home businesses usually do not need powerful features such as protection analysis, or the NAP and SCCM integration provided by Microsoft Forefront Protection Suite 2010.

In that case, it makes more economic sense to use Microsoft Security Essentials. This Microsoft antispyware, antimalware and antirootkit software has been available for free since September 29, 2009.

Microsoft Security Essentials administrative template

However, if you are the IT administrator of your home-based business, manually configuring MSE settings on each desktop can be a pain, because MSE does not support Group Policy settings. A workaround for this problem is to use the administrative template for Microsoft Security Essentials I created.

How is it achieved?

Keep in mind that this solution is not as powerful as a classic Group Policy administrative template, because Security Essentials does not support Group Policy settings. This means we cannot enforce settings in the same way we can with Forefront Endpoint Protection. This administrative template actually applies registry values under HKLM\Software\Microsoft\... instead of HKLM\Software\Policies\Microsoft.
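
The difference between the two registry locations can be checked mechanically. The following Python sketch is an added example, not the author's template or code: it parses a classic .adm file and labels each POLICY as "managed" or "preference" from its effective KEYNAME. The sample template and its key and value names are constructed placeholders.

```python
import re

# Subtrees (under HKLM or HKCU) that Group Policy treats as fully managed.
# Values written anywhere else are preferences: they stay user-editable.
MANAGED_PREFIXES = (
    "software\\policies\\",
    "software\\microsoft\\windows\\currentversion\\policies\\",
)

# Constructed sample in classic .adm syntax. Key and value names are
# placeholders, not the ones used by the template described in the post.
SAMPLE_ADM = r'''
CLASS MACHINE
CATEGORY "Example Antimalware"
  KEYNAME "Software\Microsoft\ExampleProduct\Scan"
  POLICY "Scheduled scan day"
    PART "Day" NUMERIC
      VALUENAME "ScheduleDay"
    END PART
  END POLICY
  POLICY "Enforced real-time protection"
    KEYNAME "Software\Policies\Microsoft\ExampleProduct"
    VALUENAME "RealTime"
  END POLICY
END CATEGORY
'''

def classify_policies(adm_text):
    """Return {policy name: (effective KEYNAME, 'managed' | 'preference')}.
    Simplification: one CATEGORY level, and no per-PART KEYNAME overrides."""
    results = {}
    category_key = None          # KEYNAME inherited from the CATEGORY
    policy = policy_key = None   # state for the POLICY being read
    for raw in adm_text.splitlines():
        line = raw.strip()
        m = re.match(r'(?i)(POLICY|KEYNAME)\s+"?([^"]+)"?\s*$', line)
        if re.match(r"(?i)END\s+POLICY\b", line):
            key = policy_key or category_key or ""
            normalized = key.lower().strip("\\") + "\\"
            kind = "managed" if normalized.startswith(MANAGED_PREFIXES) else "preference"
            results[policy] = (key, kind)
            policy = policy_key = None
        elif m and m.group(1).upper() == "POLICY":
            policy = m.group(2)
        elif m and policy is None:
            category_key = m.group(2)   # KEYNAME at category level
        elif m:
            policy_key = m.group(2)     # KEYNAME inside the POLICY
    return results
```

Policies reported as "preference" are the ones the Windows 2003 policy editor hides while "Only show policy settings that can be fully managed" is checked, as noted in the comments below.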


What are the limitations?

Since MSE does not support Group Policy settings, an administrator or end user can still change some settings in the MSE user interface. The settings defined in the GPO containing this administrative template are applied again each time a Group Policy update runs, but this solution does not give precise control over settings the way Forefront Protection Suite 2010 does.

To conclude

Still, it is a pretty efficient way to define Microsoft Security Essentials settings for several computers.

Going further

If you are interested in writing your own administrative templates for Active Directory, I advise you to check the Introduction to Windows 2000 Group Policy whitepaper. It really is a good starting point for creating custom classic administrative templates.

10 comments:

  1. Is there a way to deploy MS Security Essentials via Group Policy to Windows XP machines?

  2. First of all, as a reminder, please read the MSE small business
    http://social.answers.microsoft.com/Forums/en-US/msestart/thread/5335e31f-e59e-4b87-b817-426e82946d48

    Then, it is always possible to deploy an MSI via group policy, please check this link:
    http://www.windowsnetworking.com/articles_tutorials/Group-Policy-Deploy-Applications.html

    If this is a .exe application, you then have to use some script to deploy it, I then advise you this link:
    http://support.microsoft.com/?kbid=231747

    Cheers.

  3. Can't get it to work with SBS2003. Keys are there but all empty. No option/values to change. Thank you anyway Fab.

  4. Hmm, surprising.
    It's true I actually did test it only on Windows 2008 and 2008 R2 DC, and on Vista and 7 clients.

    However, I am surprised it doesn't work, since it is not an XML administrative template.

    Are you sure you do not have any permission issues?

    Cheers.

  5. Hi Fab

    All OK on 2008 but not on 2003. I tried on 3 different servers and keys are empty. Default permissions applied. Thank you.

  6. Thank you ! I'm using it. Will check later if the settings were effectively deployed...

  7. Windows 2003, go to View, Filtering and UNCHECK "Only show policy settings that can be fully managed". I can confirm this worked on our SBS 2003 server to XP clients. The client can still change settings, but it's reapplied on GPO refreshes.

  8. As a software code method sanction and ALM MVP I specialist in the implementation of Unit Groundwork Computer, Visible Flat and Microsoft bill Trainer. I'm answerable for serving to customers meliorate their software container processes by decently implementing microsoft software Team Undergarment Server tools in a real behavior that's harmonious for his or her orderliness.

  9. Searching files and applications found the shortcut, but I could not get into the popup window; it turns out that to reactivate it you have to go through Control Panel->System & Security->Action Centre-> then click Turn On on the button in front of Microsoft Security Essential. Serious Security Alarms
