Create a SCEP Definitions Update ADR in ConfigMgr 2012 R2 with PowerShell

This code lets you create a Software Update Automatic Deployment Rule (ADR) in Configuration Manager for the purpose of downloading and deploying definition for System Center Endpoint Protection (SCEP), as per the steps laid out in Chapter 16 of Learn ConfigMgr 2012 in a Month of Lunches.

You can also download the code directly from //

This process does assume that you have already created a Software Update Group for SCEP definitions as well as a Deployment Package.  The ADR created uses a manual sync schedule – this is fine for the purpose of a lab environment, but if your SUP is configured with a sync schedule (which it should be) then change the ADR to sync after a successful SUP sync.

# Define Configuration Manager variables
$coll = Get-CMDeviceCollection -Name 'All Desktop and Server Clients'
$package = Get-CMSoftwareUpdateDeploymentPackage -Name 'Endpoint Protection Definitions'
# 1.0 Create CM Schedule for ADR
$Schedule = New-CMSchedule -RecurInterval Days -RecurCount 1
# 1.1 Create ADR for Endpoint Protection Definition Updates
New-CMSoftwareUpdateAutoDeploymentRule `
    -Name 'ADR - Endpoint Protection Definitions' `
    -CollectionName $coll.Name `
    -AddToExistingSoftwareUpdateGroup $true `
    -EnabledAfterCreate $True `
    -VerboseLevel OnlyErrorMessages `
    -DeployWithoutLicense $True `
    -SendWakeUpPacket $False `
    -DateReleasedOrRevised Last1day `
    -Product 'Forefront Endpoint Protection 2010' `
    -Superseded $False `
    -UpdateClassification 'Definition Updates' `
    -RunType RunTheRuleOnSchedule `
    -Schedule $Schedule `
    -UseUtc $False `
    -AvailableImmediately $True `
    -DeadlineImmediately $True `
    -UserNotification HideAll `
    -AllowSoftwareInstallationOutsideMaintenanceWindow $True `
    -AllowRestart $False `
    -SuppressRestartServer $True `
    -SuppressRestartWorkstation $True `
    -WriteFilterHandling $False `
    -SuccessPercent 75 `
    -AlertTimeUnit Days `
    -AlertTime 2 `
    -GenerateSuccessAlert $False `
    -DisableOperationManager $False `
    -GenerateOperationManagerAlert $False `
    -NoInstallOnRemote $False `
    -NoInstallOnUnprotected $False `
    -UseBranchCache $False `
    -DownloadFromMicrosoftUpdate $True `
    -AllowUseMeteredNetwork $True `
    -DeploymentPackageName $package.Name `
    -DownloadFromInternet $True `
    -LanguageSelection 'English' `

Leave a Reply

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>