Archive for the ‘SCCM’ Category

EMET 3.0

Deploying and configuring the Enhanced Mitigation Experience Toolkit (EMET) 3.0 with System Center Configuration Manager

The Enhanced Mitigation Experience Toolkit (EMET) 3.0 is designed to help prevent hackers from gaining access to your system, by adding additional security to any application configured for enhanced mitigation. One of the primary benefits of EMET is in hardening legacy applications that either don’t have up-to-date security mitigations in-code, or that haven’t been patched to the latest versions. Without vendor-provided updates to these applications, or adding the additional security controls and recompiling the application, there would be no easy way to secure them from exploitation. That’s where EMET comes in.

EMET leverages a Windows shim infrastructure called the Application Compatibility Framework. Using this framework, EMET applies the specified mitigations to each application configured for enhanced mitigation in a way that adds no additional resource overhead to the monitored applications. Full details on the latest release of EMET can be found here. EMET 3.0 can be downloaded from here.

EMET 3.0 also provides out of box protection profiles that add mitigation for some common applications. These can be applied to clients with EMET installed, by running a simple configuration binary. Additionally, the XML schema used in the protection profiles is straightforward, and can be easily modified to add your applications to the list of mitigated apps, and updated configurations can of course be delivered by Configuration Manager. As with any application you plan on deploying, it’s important to test EMET against your desired applications thoroughly before deploying to production.

 

 

Deployment

EMET also comes with built-in support for enterprise deployment and configuration technologies. This enables administrators to use Group Policy or System Center Configuration Manager to deploy, configure and monitor EMET installations across the enterprise environment.

For Group Policy: EMET includes an ADMX file that contains the three protection profiles mentioned above as policies that can be enabled/disabled through group policy. There is also a policy that demonstrates how to add custom EMET settings.

For System Center Configuration Manager: The SCCM team blog post this morning provides a package and instructions for integration with various SCCM features. Read that blog post here: http://blogs.technet.com/b/configmgrteam/archive/2012/05/15/deploying-and-configuring-the-enhanced-mitigation-experience-toolkit.aspx

Posted September 2, 2012 by Robert Smit in SCCM

Installation Problems SCCM 2012 with SQL 2008R2

Anyone who’s trying to install SCCM 2012 needs to check whether their environment is ready for SCCM 2012.

Most of the items are AD or SQL related and easy to fix. This will not be a long story, only the quick fixes. The installation guides and all the other stuff are already on the Web, so here it is.

Get SCCM 2012 here: http://www.microsoft.com/en-us/server-cloud/system-center/configuration-manager-2012.aspx

Here are all the supported SQL configs: http://technet.microsoft.com/en-us/library/gg682077.aspx

SCCM 2012 prerequisites:

As all of you know, one of the first installation steps is the Update Prerequisite Components.
If you don’t have access to internet on your SCCM server then you have to download the required updates on another computer, import the folder on the SCCM server and have SCCM setup pointing to the folder.
In the previous version (SCCM 2007) the command was Setup.exe /downloads <target dir>. In SCCM 2012 this has changed, and the new command is SetupDL.exe <target dir>.
The SetupDL.exe file is located in the SMSSETUP\BIN\X64 directory.

But what about SQL? What version should I use with the RC version?

The clear message "Configuration Manager sites require SQL Server 2008 SP1 with Cumulative Update 10 or higher for site database operations to succeed. SQL Server 2008 SP2 and SQL Server 2008 R2 are not supported." says that this requirement is hard.
Please note that even SQL Server 2008 SP2 is not supported.

The big gotcha in SCCM 2012 Beta 2 is the tedious requirement for SQL Server 2008 SP1 with Cumulative Update 10. Not SQL Server 2008 R2 or even SQL Server 2008 SP2. Ultra specific, and I can’t imagine that it will remain this way for RC/RTM; it should support SQL Server 2008 R2 (and Denali).

But does it really not work? Let’s find out. First, when I started the RC setup there was this AD error. I do not have a screenshot, but it says AD no access, etc. I have full access.

FIX: Create the System Center object and give the SCCM server Full access. Start adsiedit.msc.

 


Now that the computer has full access on the AD container, we have one error less.

My SQL Server is 2008 R2, and it is a cluster. As a cluster MVP, everything should be clustered, or at least you should try to do this.

By default, SQL is using dynamic ports (yes, it is). This is a great security thing, no more 1433 etc., but how do you check the SQL port? Yes, there is your error.

Go set the SQL ports to fixed. How? Go to the SQL Configuration Manager and change the port: at the bottom, remove the 0, and on TCP port fill in 1433, and you are done. Restart the SQL services and start the SCCM setup.

This can’t be all? Yes it is; if you have a healthy server, it is.
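One way to answer "how to check the SQL port" without opening SQL Server Configuration Manager, as an added example that is not part of the original post: the script reads the same IPAll values the post tells you to edit and reports whether each local instance is on a dynamic or a fixed port. The function name Get-SqlTcpPortMode is made up for this example; it assumes the standard SQL Server registry layout and is run locally on the SQL Server.

```powershell
# Added example: show whether each local SQL Server instance uses a dynamic
# or a fixed TCP port, based on the IPAll settings in the registry.
$root = 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server'

function Get-SqlTcpPortMode {
    param(
        [string]$TcpDynamicPorts,  # IPAll "TCP Dynamic Ports" value
        [string]$TcpPort           # IPAll "TCP Port" value
    )
    # Any non-blank dynamic value, including the "0" the post says to remove,
    # means the instance asks Windows for a port when the service starts.
    if ($TcpDynamicPorts.Trim() -ne '') {
        return "Dynamic (current value $($TcpDynamicPorts.Trim()))"
    }
    if ($TcpPort.Trim() -ne '') {
        return "Fixed ($($TcpPort.Trim()))"
    }
    return 'No TCP port configured on IPAll'
}

# "Instance Names\SQL" maps each instance name to its instance ID key.
$namesKey = Get-Item -Path "$root\Instance Names\SQL" -ErrorAction SilentlyContinue
if (-not $namesKey) {
    Write-Warning 'No SQL Server instances found in the registry.'
    return
}

foreach ($instance in $namesKey.GetValueNames()) {
    $id    = $namesKey.GetValue($instance)
    $key   = "$root\$id\MSSQLServer\SuperSocketNetLib\Tcp\IPAll"
    $ipAll = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $ipAll) {
        Write-Warning "TCP settings not found for instance $instance"
        continue
    }
    [pscustomobject]@{
        Instance   = $instance
        InstanceId = $id
        PortMode   = Get-SqlTcpPortMode -TcpDynamicPorts $ipAll.TcpDynamicPorts `
                                        -TcpPort $ipAll.TcpPort
    }
}
```

The registry shows the configured values; a change only takes effect after the SQL services are restarted, as described above.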

Now that the SCCM 2012 setup is running and there are no errors or warnings, I believe SCCM will run just fine.

My VM has 1 CPU at 3.2 GHz, 2 GB of memory and a 200 GB C drive, but more CPU and memory is better. It also has its own WSUS and WDS installed.

Yes, my SCVMM 2012 also has a WSUS, and my home Corp server also has a WSUS server. Why? Well, I have 8 WSUS servers in my test lab ;-( crazy.

My guess is the next version of WSUS will fix this. Oh, and you can’t link them: no top/down tier WSUS servers.

And please do test the Endpoint Protection in SCCM. All my VMs are protected now; easy step.

 

 
