A quick followup to my earlier post on the SCEP 2012 ADMX template, I was working today with our Citrix environment and needed to remove visibility of the SCEP client interface.
Fortunately, there is an option in the SCCM Endpoint Protection policies, so I know the functionality to do this is there. This doesn’t seem to have been an option in Forefront Endpoint Protection (FEP) 2010, otherwise it would have been in the original policy template.
The value for this is “UILockdown” and is found next to the other UX configuration settings for SCEP:
HKLM\Software\Policies\Microsoft\Microsoft Antimalware\UX Configuration\UILockdown (1 for disabled, 0 for enabled)
The files can be downloaded here. I’ll also continue to update the template as I find other settings that weren’t present in FEP 2010.