If you feel this tip has saved you time or effort, please consider buying us a cuppa coffee to keep things going!

Guide for managing Microsoft Forefront Endpoint Protection using Group Policies (GPO).

Microsoft Forefront Endpoint Protection ADM templates

Before you can manage Microsoft Forefront Endpoint Protection with group policies, you need to download the group policy (ADM) templates. You can download a number of management tools - including the ADM templates for Microsoft Forefront Endpoint Protection here:

http://www.microsoft.com/en-au/download/details.aspx?id=26613

On this page, grab the file fep2010grouppolicytools-en-us.exe

Installing Microsoft Forefront Endpoint Protection ADM templates

Once downloaded, copy fep2010grouppolicytools-en-us.exe to one of your Active Directory servers and run it.

Once run, it will generate three files - FEP2010.admx, FEP2010.adml and FEP2010GPTool.exe

Open a windows explorer window and navigate to \\<your domain>\sysvol\<your domain>\Policies\PolicyDefinitions

Copy the FEP2010.admx file into this folder, and copy the FEP2010.adml file into you language folder (for english, choose the en-US folder)

Manage Microsoft Forefront Endpoint Protection

Now that you have the admx and adml files in the central store, you can manage Microsoft Forefront Endpoint Protection with group policies.

Open your Group Policy management console and naviate to:

Computer Configuration -> Administrative Templates -> System -> Forefront Endpoint Protection 2010

There a many settings here to configure; to get you started I suggest:

Specify the time of day to run a scheduled full scan to complete remediation : 960 (this is 4pm)