Hi folks,
We use SCCM 2012 R2 here and I'm looking into an issue where the Endpoint Protection Deployment Information statistics do not update for the most part where the SCEP client is already installed as part of the SOE.
Delving into things a little more:
- Our image is based on Windows 8.1 Enterprise with update 1, 64-bit.
- A reference antimalware policy was created within SCCM and exported to XML for use in the imaging process.
- SCEP was installed on the reference image with the policy from point 2 applied. This ensures workgroup machines have a policy applied from the outset.
- The SCCM agent is not installed as part of the image since not all machines are in contact with the SCCM infrastructure.
- The SCCM agent is deployed post-build to the clients that are in contact with the SCCM infrastructure.
Using this approach, the Deployment State is correctly changing to Managed once the SCCM antimalware policy is applied and the return code is 0x00000000. This is as expected, however, the remaining fields in the Endpoint Protection Deployment Information section of the console are never populated (although the only additional field I care about is the Client Version).
After a little bit of searching, I came up with this older TechNet blog article from the Configuration Manager Team, however, after removing these keys and values from the registry of the reference image and re-Sysprepping, I still have the same outcome of missing the majority of the SCEP status information.
Above and beyond removing the referenced registry keys and values, what else must be done such that a managed client will submit all information to SCCM?
Cheers,
Lain